c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

Analysis

max time kernel
178s
max time network
180s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-01-2025 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-701[1].exe
Size

3.8MB
MD5

46c17c999744470b689331f41eab7df1
SHA1

b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256

c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512

4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
SSDEEP

98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133823494860743833"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4112	chrome.exe
4112	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	4112	chrome.exe
Token: SeCreatePagefilePrivilege	4112	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
4112	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
892	winrar-x64-701[1].exe
892	winrar-x64-701[1].exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 1224	4112	chrome.exe	82
PID 4112 wrote to memory of 1224	4112	chrome.exe	82
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 1144	4112	chrome.exe	83
PID 4112 wrote to memory of 2096	4112	chrome.exe	84
PID 4112 wrote to memory of 2096	4112	chrome.exe	84
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85
PID 4112 wrote to memory of 3140	4112	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\winrar-x64-701[1].exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-701[1].exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:892

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\4d4b0dfcde534135ba8f7a2da6c1d033 /t 4744 /p 892
1⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffe9802cc40,0x7ffe9802cc4c,0x7ffe9802cc58
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5384,i,17192067162213960652,16765460962492747669,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  PID:1480

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0x84,0x108,0x7ffe9802cc40,0x7ffe9802cc4c,0x7ffe9802cc58
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,1679341453699150923,9007645824506804496,262144 --variations-seed-version=20250124-140855.299000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,1679341453699150923,9007645824506804496,262144 --variations-seed-version=20250124-140855.299000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,1679341453699150923,9007645824506804496,262144 --variations-seed-version=20250124-140855.299000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,1679341453699150923,9007645824506804496,262144 --variations-seed-version=20250124-140855.299000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,1679341453699150923,9007645824506804496,262144 --variations-seed-version=20250124-140855.299000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4404,i,1679341453699150923,9007645824506804496,262144 --variations-seed-version=20250124-140855.299000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,1679341453699150923,9007645824506804496,262144 --variations-seed-version=20250124-140855.299000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,1679341453699150923,9007645824506804496,262144 --variations-seed-version=20250124-140855.299000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:3860
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7a1a94698,0x7ff7a1a946a4,0x7ff7a1a946b0
    3⤵
    - Drops file in Windows directory
    PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4668,i,1679341453699150923,9007645824506804496,262144 --variations-seed-version=20250124-140855.299000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
11d253b3a6f1f94b363fcb04e607acd2

SHA1
9917081d96e0d89a6c6997cc2d4aad6366ecfcbc

SHA256
20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff

SHA512
101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a4ed6aad99905a35d3ad01a3560c0b74

SHA1
a2a8b27348b1ece1f770a334db03cd5b9e597b38

SHA256
08f5c197fe900b794d987c74bc7191791aff00422576eed44d8a0f9732484ae2

SHA512
336417097762d8f53fb2b0fe22fd80eb5391908cdc724637f55571cccd7667a798249fd646eb1491a6c033eaabad6a074c1139d1da8af9280f2124df12f6ef4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
3f9e875e7d6481b5ecdfedac0183172b

SHA1
27317233e93bd0f3e86cd08bd50e9bda8e14a155

SHA256
20104aa53566174f14f04a6b9edb4a16206bc7c44a85aafef399412a43cf53aa

SHA512
cf0c9bc01cf0c4a12eb9d8be1c60773b61707ad993a91b38411c14bc316b6908e7679103ea0d541834383f0cf965543b0dcd4ad9e12b9c4cbe48ef76ecb97fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
80655fc5f0fc21542e97a06bbd4eeac8

SHA1
d3fffdc232efdeaddd8ad2d83ff5c4f663cf3d51

SHA256
c1b67cc435010d32bed68be77539086312ca4bb57b8f8a50b584891e99fbad47

SHA512
d09b18be49180c8ce0f10d78d497742444ed644170b989833cdce09d0963f6e055fe44c57853358887ea23b2fa075bf61c34f59eea9fcc2541490a7fbcff5034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
7403ddd92773c2b21481ae7e240ed76e

SHA1
236a460d5e18d15104201d5366ab21fd58ec386e

SHA256
b48705ad41f7e1282dc32c62f326fc20d7b53f6c43e910ddf65f81aa6d21bba5

SHA512
25b5ce560c1b0a97a361a2f1044916c7defc35febab74658236be26071320e309268ea3e95d8f2343273bc43182e8173b49e0d9b8b65c6930a6a5ed7131ba170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
cbb6eb47185807dab50c5e55c7a385e6

SHA1
8c5e069abd838b68b072a1357b8d1b4a1c2c0d45

SHA256
c460de08e05dcebc43f63b3541359cbbc8a6494075207284ab08cb50468ec760

SHA512
ce492d7fb1ac3277a32b706a238e300b1e2fadc6eb93417f79305e51f8ed5bca7b7f25dada6b85e4de48314e1ef88024148fdd6eb8f11d10726ad6e971ef8f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

Filesize
399B

MD5
a15ac2782bb6b4407d11979316f678fd

SHA1
b64eaf0810e180d99b83bba8e366b2e3416c5881

SHA256
55f8fa21c3f0d42c973aedf538f1ade32563ae4a1e7107c939ab82b4a4d7859a

SHA512
370b43c7e434c6cc9328d266c1c9db327621e2c95ad13d953c4d63457a141fbf2be0b35072de96becc29048224d3646535a149229fc2ba367c7903d3e3e79bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
060252f72502ab25f99021bc903319cf

SHA1
c10f9762c283d29aa0f5ecf974ca5482dc76e2bc

SHA256
3656f36713edcd749e2660bcace7a137937b1039d6be62fb48dae5293696563b

SHA512
8004779806ec2eb6ddffd14da390912f31f5b0b5df105cbb109ccab6a8fe2c8543663fac91b0c9f45656742766d385d72757d1537308799d11dfb39aae974cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_metadata\computed_hashes.json

Filesize
5KB

MD5
b60565bcc498024ac6b314bbde5fc51f

SHA1
5a56ef1f2db4075458d28a8cbfa8c2016e132d12

SHA256
2789f5c2c30836bcd23b16b56bd75e1adb34464d81a0985c7f4333d851d5d0b4

SHA512
5089f9447e4f942109fa4f6d178269ac112bd404376561b13360e4fc2dff852b592e8880fe4e239f2cad83d718ce5aa079eba5c5bbc620fcb23c3217a048a847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_metadata\verified_contents.json

Filesize
11KB

MD5
0a68c9539a188b8bb4f9573f2f2321d6

SHA1
e0f814fa4dcc04edc6a5d39cbc1038979e88f0e5

SHA256
39e6c25d096afd156644f07586d85e37f1f7b3da9b636471e8d15ceb14db184f

SHA512
13f133c173c6622b8e1b6f86a551cbc5b0b2446b3cf96e4ae8ca2646009b99e4a360c2db3168cb94a488faebd215003dfa60d10150b7a85b5f8919900bd01ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
e0cf360b3eb2f3d8504b05034d0d1f9c

SHA1
18ff654564843f34ddf65a893c7f21071b171465

SHA256
4dfc7de6b0ccdbe7d8636660e9ab000fb84656d71c7c25b654013902ca8c60c3

SHA512
0503171b45785d4c714aeeab6b3facc34967e9052a6673369aedec01bfd6893f340ea520ea3684fb829a00ccdd7009127d1fd4e1a9de78a39e3c0fd7ccc3dc40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8db6f14f2941a40c314819a5dc77454b

SHA1
f5c948e7e82e51cae9607264ea314869efce257e

SHA256
ba0c90835805a90b7fc8b134dc6a2844fd0a03b8c247eae6e18b273d7323c1bd

SHA512
b8d70d8de569bb6adc4d5f8de91dcf2bc779213ad367b1edb52aaf243fb55945d2dd0bf075932a1573a119e64aea875fb9693b041db561719ebfd14a172f7cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
dd37e07fd61379e4476b691839b73044

SHA1
6bd9ceeb22f9b092daa09720721f7c8bb70a18dd

SHA256
002de0ee94ee5f75a42754b904de489896718cbdcb96b3954ef9ce481b0e1fa4

SHA512
329a37661614222c508391609985a6f4c5b29016fd0f1bf0c7ef11c1a50c7c60710f73c549c1598f2b3bc23707642b866622b9e2461ac928c7531b506790874a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
cfa172a650b84b3abdbcc47097ea7b57

SHA1
5b45943b506c37225942826c102fcca6bb743847

SHA256
74581baa80a130006b3dd5628aa4845b20089bb80a5c5710c459e2708c95b038

SHA512
fd8626ec91e0b48a17bfe1bbf51ff8419717f631109ea2ca39b908dbc06d7628b4ff5d861bee7bc2070685c59a63c9c3759db1cb589299a0cf430a7d3b5dabfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
c7488015678206a5de6fc2378f93258a

SHA1
1b432ee846a9afb77b66d6e8a5cd4bc561942fc1

SHA256
1cd55abcf96d88dcdc80f30134fce5963a6adb2380465b45a2ce6b09186fdaad

SHA512
d59eeeed0b399b1bb21464800e6d6fa8c261335892974f8a7a945047c5c8ced51faa4ac898d34670abfc0de31c5a5306943767d416fae97c752386def04e4142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
583b0e425455559ed3e5f2fff82ec78b

SHA1
d555c0767833e710770f7e564d7ac4874b604663

SHA256
06b288ea48cce63a5275f2b58d45e6d8b0a2494a986b28dcb7ca20c626fbb240

SHA512
223b51fd513048aed05b93e8542d8ca5423961eff1575c74aa49aac88749e7bc820bf4b6c2e0e65e2bd673c91c2ad49fbe9152daddf0ce6e9a73e52d409d6120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
02f41993658ee46fdbddba3cacf11bbc

SHA1
45b1aaee39f5fb566372e7e89a93ac6953f67c4f

SHA256
6206849cc8203c9bce0a229248539b82732457a9a3c4da7e16bbe57b1a5f6f96

SHA512
13c679f8d78f4f42aa6b39457810e503ab24ed0c7c2c44185617341c547910977e3ebca077d7506d3448ff423441d91f02b8299b769e4100c458aa2161703a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
90c0fabb76c8ae9b5da9345d9a9889fe

SHA1
7e8548a98a291095c62b71a35a106cf2f962deea

SHA256
0bfdd11346f0b5df4a0a14db696f902696f47060fdeb667cd9789208aac83107

SHA512
90152c50d6d8e9d056ded9016799fa83be9dcb25c236fca367240a88b16cb47a5acc2b99e4cf1abda402e6dd02a8f7e77ae7c6a484cc255838b5559fb44fe1d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
4bae504f087f2e86d9853196504a2a6c

SHA1
d2d85531d10bc099a83128c333c4ab0bb721c1aa

SHA256
7c81b89f55407fca82e9c59486dff61e9390686f58a79f05244bfdff00bcb8a5

SHA512
68abd33608a96bc574846d678ae0bc9345d8f6d3f4636c901aa21c347f5fee435988528f4123e42ab5674773cfd62240304521fdae8b336b273f722ad7cac573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
1078469a32a697e89b09f814162cc75e

SHA1
f970e1ca750b0532e5e9f9ab91ff8a87597c2161

SHA256
0711fde176a758563e4dcfd8a2f254fcacf1885c7154371f94ee58ed0a536696

SHA512
4b9e1f43cf12c39fdb4db3f91609d83caf10a1b9c6225b918e8236fe998dcb83774ef787c1156059e265cd1e2c5248cec2997d2362d74c44beccd52f39dfd938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
972a53b743ff106c676b375b8db252d4

SHA1
5b7de8e52e64c35c37d745c497ca016e3cee6458

SHA256
5a841da1492b1f0766226ebd2ede0e42fffba98ea7de034f53d7edd408be5131

SHA512
20d1f7c8bba77b1c13ac67489527be10c0c5ec9c731ce75a3657f253d3a4e45ee83631732da26d3222faac5d268847e81f3aaa9149b5d58e2adb96dbab9837ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
291B

MD5
f3686755cd510f65acdef4ea24b5a40a

SHA1
46a16ddfdc01bed0395f225288cd400a4c165641

SHA256
88e26eb4e80140cbe488fbdcf71bb5b238c56a3cd0f118580f42cc79ec2f7c0f

SHA512
43bd9fb479db2c0a1f0cdd6f8c6a693232e28680195f384726de1bf303bc45201c02a029c29e3eb216ce0b1a41bd7194ea259ec2bed2a295b490da0d47db19ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d3e4802228fab3d804dc061457a59a7

SHA1
5b1dfbf16fb78f9a0c0b81141c1ef05bd70bcffb

SHA256
78f869cbae1b853ab5fe1109d4294eac979e43530f04149dc6e941136094c603

SHA512
a88d51ec328327e62eadf2445601bf51c544a0717f0ccb81259d03a7197ed1b282cf6839c24f280ef974b782dc1942c31b7d7c6845a9e865f20fc6ab8e607dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4bbececd36b17b28e3376b9d569a9211

SHA1
70815ee2c06edd75d7f4f5fd4a8bf4cd461c24b4

SHA256
937f17639493ddc4f3364a1e3b2f4915b56bd430221376c00f1e581228c803ac

SHA512
b00ef401c0752db8187f307ede92e51c77f8dc408d8af3ebb28e99e8f66c83fd76a372fb219e4ad6fab1c4d9ebf1aff14ff4744f4362c3734cceb41df0403d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e4d5466979c31dc046936ec9437776a

SHA1
b76a64b13aaf83cfca6dfedbc7228ba580f2292a

SHA256
6f356173aeed5a144261c00655406d68e8663b2d448ea9d1ca343075c7725da7

SHA512
33e803cd940e2a97dab11a1ebce3043826e446bd5e7e6e5a4e3154ed43e7b57e74e5a064e3f243371102f3e3fa422c9af9a766a5b04c0ac79a9817bd733ec299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c780d874eefc22005a65a47f9eec2080

SHA1
9ad3019fc7f9d84c9dcd2acc17a38e127127bf9d

SHA256
3816c72c5fca8ec715ff15c268ff00d8697993aa000b223ab6ee9374fae1cc39

SHA512
476d4bca8087921a70bc58297f0dbd4b47b35784c0bcca45a8c541c14afa6039ebdbf171f5022ef45b575623568c7fb227ab6445ca9f39516661d7341e8d8c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
15cc99a9cd693c460a692997d5c1981b

SHA1
b58da8c23c64e279e1f9a1f1760adc79957054ff

SHA256
469d75cf16ae74dbdba30c8902fd2a6a5e70ad5c04daca6b892f89085ac6947d

SHA512
1e8ee5100de37b79f5dada1eeb25110b5dbc39d1ec423fc00a1b91ed83d20ee7e44912c2b07abaa18073c7f056b68dc019a87163acfd5d35e4580ee0c89acb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
1d166acea1c07d5a8dd132d2f0f70809

SHA1
21ead9580ffec5488e15a46d415f8566512f4287

SHA256
68d097d9e807feeef19e31e508c9f5f650e66bbd2430407611f2552fde9113fa

SHA512
672c337c6ac7639efd1cba091231d21fabbc5025875df1d331778db7040a5decb17e8363290175a27cee07520e0ea04d4868ee6d9be29b9abf61f6f60bb1a46d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
656f3aec67537e9c65beb4c22029824c

SHA1
1f2e384c5d7c98e4c2a023841084037aed5302ec

SHA256
19cffe3cf6b11237fd53ebd019efed68f3e44915f56ad5672dba420ab39dc27a

SHA512
1fbc00731a812ab45961f3d1eeb14f79c30086619863f46061585c3a0d039188144489ce6961f09a71ebae5e459e6943f47dbf66bf8109e06f1b12a2dc7856ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
4de0c2ca0b7484cda2fd18c387777703

SHA1
5d36ffba6070a0d8651b9b1caca25810adf9f391

SHA256
b2d173bbe4de085daaf058f1fddd39158f7ff3eb158836c5235f8c340b902a67

SHA512
aa85514327111c7f8bb5b6e42b19e6237f0529f94b33234534c267eb7bbd491c61068175f2e46e2b7bc41a2bd430529db2ad5a4164e273cef191f00e8983e0e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
13a65d43008dd0eb0919632087e46543

SHA1
5ada6f3b7989ac69c1853aa3078ecee19af48db4

SHA256
2cce484ab54848c45762caf6fdc720baf95192a5c6097d6b07372e22d7521b5e

SHA512
f15e229275032d5d5b7f0949a1f4441171d72705dc18cb1c6f956a0d0a99f06573b29d2b5f5755601d6a537c5cb31f9d4f180410469a3460a2504f06f01ccc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
1046176855a4b93c2e5c41f2a4d62805

SHA1
6dbbd7c5dde14a9caaf18f923b4282cddec28dfc

SHA256
e42d0146dc1c5a24612fe70ed96296c7c11416db4feefd8e3a61ac087c25f5c7

SHA512
534e2de788af1d719b25cc2725f262a20fab5e102e010de62835fa01bc631e1b82f2a2c3bbac3a5c8c7596b944b23813b4460fcfa278a62c9eab86d72c383f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
fe9e3f33388f9a0f34d1095b696d3b1b

SHA1
aec498be1e591248fc0ab97986e6fd66ed871a12

SHA256
02a93f50e75d6fb9689a99e93d57c3dd05bd8f0bf40f2d6a0c6132728f60ddfb

SHA512
c52200b4ef668a11798f358c88baa32b4517e7a85b40371b39e928c0dd18fe92fc56dd0a8bec4cf351e7f6281254ab9ff083e2e86b09914b01df701009c3b68d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
f73cdc680a3f47faa87342366d995943

SHA1
df1e0f202debd04fb0805ed95fec10963ea4b88a

SHA256
8708e117c596ec3fc315ca96c5b09d83ceaf9435cf00c4123128f7e18d003f13

SHA512
c950c3843fc9fac716e26859d59708d168ae33a06c4899145fcff40a218cd158f94f81eafcbff4f59ad58ac14b323d5edb8cc3994ae173f278977f723d94406a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ed26f485-919d-42a3-989e-04a354179ebf.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
15KB

MD5
d627b1020b6cc2dc5877fd99de067724

SHA1
2ae30d61daf45a58c0f2dd019d3c84014ce141e3

SHA256
293931d9f11828475deef58b2d10529d53dc00f24afc7afe5921c644f9882405

SHA512
41f487a1042b120da5b22936c7fd85bdd7a820235973d6317ec4ef51c1f3a89e5088b37c8429bbcb9774325675bccfa56c47b04edb64944685fc278a74fe70c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
97ae2b09519f207a9aab8f471d1b8860

SHA1
a8c34562e5bf2493a364222c407c79404c683e08

SHA256
e816d89a6ca8161166d7f58299f3352b54798136fc1e7e0c27b1c8a9f2dcfcfe

SHA512
a22fbb848c329b54e88858c86bfd2f200bfce8d4b0a7d68e0312fc4cfff7bfd4814ba005b4293192fbf76f8b181671dbf639547d8e1c867684591ad22928e91b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
ace12e0f994a270ec44d4a814423de21

SHA1
787cd1129ed7268e96d81f618aa9c6ca7f1cc345

SHA256
d5f28f451fe47fe914b56e854bddb0a3ad2574c5cce20d00733f1f10abbf3089

SHA512
8f5f5bc96bef4a5014cebc5310aa0ef6a4c00f474c26ab6497a75a1b85b33aa8f2d28176f452e6d9df6015678bc6f1b45c6dc3b07c56bdeb5bbbf62ef9a44ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
a7066adbb69ac71b5ebee67721a6881a

SHA1
ffc840bee4db425ce13b8d152d05c90e5536f531

SHA256
b64dbc535f70433f73d7db215ecab9c1ff521eb89bc1432570442401cb975343

SHA512
05e9e7320858670202b94caddc795f13765c6bcd5112eb8bcce99a62ae84a709365c5a253e0504321694b41cf23103c49cadd855c3f557e5534f6941e1d1977f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
0365f923262bbc66d702779d97a418f9

SHA1
20d9c2a9af7707c3ea260ec2980baa89894d18dd

SHA256
9a16ffab6f10a07a74e38fe776ddba4022b381703a56bcccafe2df80e0a2b7a4

SHA512
29bf4710481f6ef6a741d3b5d6452a00b31d02b1ba843828dbaebe14fabf984c38e0aca5a803a86e473947e3b36b5d2998dc64b5e223fcaf18fd64665a458a3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d9551857c970f3fa44716307d81a827b

SHA1
df9d9602c13c6c415262f30313e7715ec1a5861c

SHA256
f80d1150323892cc34d5611ae80dad20bacafbcb48894d31f95eb408f25f2c45

SHA512
84613ce9d4eee4a64ba6b3853973561b4cf1e86dd4dbe0720af1e6416cae001dbd39e66f7c622bfb9d40311ac3504fdb96d2e18cfa975a4b9805f74a536212f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
cbaffb517d835d67fd12754d43687e69

SHA1
5b8b7367239e48d68f7afbd60447c0ee088f21c6

SHA256
7066326c46aebebe37c36b460ba5e1d99cd8dfcd4275e6a8b3c1e2593208f16e

SHA512
c3db6bef411a8c789a901be6be759fb061ba44aac72cf7bf000473e22e1fb2004c360a663483468b55fce6fc1c0f2fecb2e00929dbaf27e84c7b3644a89a0cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
6f699693e17b3436a1c585b3d452b11d

SHA1
ffe78a6a03ad85dd385d03b7bc54afa55c8bbdff

SHA256
9276d13872be8f5d2d5ad82f595f0e6114d94b08312549a6f2b21936948e3496

SHA512
b310b578f4f500518d6d5b7b1656a5e85ec59c1bfc5b746cef08c533154de58f201fefdf01467cdd593e6d1067ba7fb1fd7c466bd6887f9c87d290c0302190a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
f506c97fe1ebb07dcabf932e327809b3

SHA1
e92484f43d288ca8591a9d05cd2930d5677de093

SHA256
861fa55d7149d42bb3e4a56a2a2d3a49d454a24c0cb6728d89c53b24472d36ad

SHA512
f659100a4c00fb2d449cc3e0b9c1340b13d3bfeb3f25f6571e883f69464775b31df46eeb18ec52175d6371e5286b12cdb9150f88157f69f2179297b4e8412ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
ddac0090d20e9c2a2fde04f8ebee0e08

SHA1
52e0488e3dfe2727109c8827e7f63d5b51eafb82

SHA256
a2f7a5d5eca98bdb7c7d4be20dc8326502dd85a2a87b8e77207107220495d367

SHA512
27c4363d90ff1fb70f340c7f93c61a653186c3cc61ec4740f2376906e56ac7cfb0adc57e43877ae599f1054ef23645936eaec54b532ec0fbf231638f252a801b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
4165d3b3a270e7067bfad816b32c9b18

SHA1
9016f0eb176b815c4318da32f100d69394ce8c70

SHA256
f67871822a856bac3527959f512ec0c9354582855afa02e3b8c1e864be713f00

SHA512
08970b4e1830015d5d9f8a60c998f5e76b4de17c65587a1325898262b43dd8212c8e5ba9874aba6c58a11bb7278ef7563a5f288043313e2aabbf76fa576fabf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4112_446609570\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4112_446609570\e59a501a-d8bf-4f32-af17-3bb901b2d8cc.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit