7769af718266fcc91c9f39eb71d1b137156b95d6e6704d9b783988e3421ac656

Analysis

max time kernel
149s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250207-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250207-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
09/02/2025, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HiddedLotus/HiddedLotus.app/Contents/Resources/configureDefault.pdf
Size

428KB
MD5

f344d1b15be233d6fdc600d7aac76609
SHA1

3e9cebc29c7e95fb152a8a0c8fcbd4470c46aadb
SHA256

31f30c93721e9e5e483dd680d5aeff7e0863e2df925667ffd48e58eaf567212c
SHA512

482a26e51803845505e96136bcee47b2ac67b87f3eeb604d80177859fd59c60ff5e2eff0336b5b2a5c1f20fb24b9be0f1f132acc8185b3f7a476a158849e656c
SSDEEP

12288:As/3ZYHPeUqNykalNvB+mx2Ztb8a3Dpeg0QE:AsPuv2MlP+mMZl79j0QE

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
30	3648	Process not Found
71	4776	Process not Found

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3136	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133835387813368320"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe
Token: SeShutdownPrivilege	5000	chrome.exe
Token: SeCreatePagefilePrivilege	5000	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4472	AcroRd32.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4472	AcroRd32.exe
4472	AcroRd32.exe
4472	AcroRd32.exe
4472	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 1100	3872	chrome.exe	91
PID 3872 wrote to memory of 1100	3872	chrome.exe	91
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 3076	3872	chrome.exe	92
PID 3872 wrote to memory of 4188	3872	chrome.exe	93
PID 3872 wrote to memory of 4188	3872	chrome.exe	93
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94
PID 3872 wrote to memory of 3040	3872	chrome.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\HiddedLotus\HiddedLotus.app\Contents\Resources\configureDefault.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x220,0x230,0x7fff1f26cc40,0x7fff1f26cc4c,0x7fff1f26cc58
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,15064007340630201645,18246492780457846105,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,15064007340630201645,18246492780457846105,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,15064007340630201645,18246492780457846105,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2388 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,15064007340630201645,18246492780457846105,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,15064007340630201645,18246492780457846105,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,15064007340630201645,18246492780457846105,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,15064007340630201645,18246492780457846105,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3692 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,15064007340630201645,18246492780457846105,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:3592

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2724

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MDk5M0QyMzYtMkQ0MS00NEFBLUJGNzAtMDQ2MEE4NUIwRDc5fSIgdXNlcmlkPSJ7OTIyMjE0MDUtQjJBRi00MzJCLUEwRjgtM0VFODkyRDJDN0Y0fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QTBBNDFGMjctQjRDQi00MjRDLTk5MzctQjAzRjVFMUYzOTJFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMSIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTM1NDQ4IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM0MDc5NDg5OTIwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDg0NDk4Mzc4MSIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7fff1f26cc40,0x7fff1f26cc4c,0x7fff1f26cc58
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1820,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4340,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4520,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,13887677748811121432,3275320750634382896,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:1232

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
cc4cf7c478223b836e48776b70575c6f

SHA1
3a864b65b9354eb61c86c28eaf2b3c16f9a400cc

SHA256
bbd63a954e4aa53b037f56a4ff3b37d1c5a25e1b77275845304358aeb04d34a5

SHA512
d3c2c087cd12b0f075b715c1db07c4f3cfb08f9e00abb81cc4bd20fd5ef9101a22b2c78bbc5535642dd63fec0d5909500fc81ce65be267865a7df63066ada6ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f98ea794ddf99bee7a380417690dde31

SHA1
a12f46bebf51815b75c790b5e9587ada3d967ed4

SHA256
835c2c5e573f8342c69cbf08c887dbc1e48baa32d5e13669a828b129246da917

SHA512
a6dd34e8eec79e757021fbfc7c8532baa56a293f03ee9336315fbcda4ba0073e13e3a9db3548ff681f31f2344ec87c11f0795994cae5c70ff8f3909338425d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d2352247c3c01ba50964c599bd959d01

SHA1
32af0c7b94adeb6ce9fd1df3c7f1a36d763c6c16

SHA256
78f68399fca1a7e51d3e1e3239ca41314af5a74df24f460626c42afdbe1dc02b

SHA512
c5de1824d5199c9f2d9b331702cc66323fae217b5de5585da7c34e63a70c581de6fa03d451f5c9b623b62ae21e2d2be2aef3824e4c6db81ae656bd334b0a18a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
3e9fd69ffc692965d5691f5a699701f3

SHA1
a3a696b3e8280b0681e2b5ef5ed77a0430343296

SHA256
dfaca9217850ef32f8ae8749934193c1015bd78267c7fb02a15fd2ed96beb5d3

SHA512
2dcb1c35a0f3d838914e7f635a6c8fbf4978c3609f4a8288263bdeff899d002acff1edd384e85fa6ddff33523c74b684a6e0ccc932ce81dd88e1e6739be75f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
36KB

MD5
add3800be93a84cbd838cee06e8d8207

SHA1
6f4ecdd70ddbb0fb61ff941087617d387ec369e5

SHA256
158182b8fcc88db5466511dc284d6cdbb9f7fabfc4db0159b81bc403ebe45a44

SHA512
56bb318653bf1546b53ffb24da7d9d17a635694d7e04726b69720424d84486f1dc86c83a912b5cd980ac9f6e6a83f0562660d9f27933977ca3f81729a2173f4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
24089dd4ebff14b724c640de761f5c1b

SHA1
c4caad8f7454c82f30a23a2ce492089660243eae

SHA256
92e695ebf27ff8532ef7396595ad56379b984bdc76bdf081301da95aab5c535b

SHA512
798ef1d7911935f05309afc178fbc4fabaf7d67afada6de5e73309858be75ecfc28b60315485e4b59ab6e738764ac7ecf4aa40d6294e9e312bd8661b946dca35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
3b138fe900bdd51f39e9ffa38f01b3da

SHA1
25017560f0432b5c84967a27ad7db352a8a57782

SHA256
a65901a776d69b7f25287e8b18e1af180c4205806abac0c7c24e06eb1545c2a2

SHA512
c0b78ae5c73ab1a6c6a22be0b6f67e89c08496c00dd61b01beeadb5afcb71e3d2cb44f1684983738bb8a7692120467021d541afc8373f2b56de1feadfbf93344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0c39af4efc3aadab8a59a4f57086ce71

SHA1
b09d26d509c0e8a8e3cb009776687c156a397323

SHA256
148caf96719b90af329b5001e6842741d31d05b9aeb03c6c7247570e6b706152

SHA512
92a500f49d922e9338b740388c8817583bce78ce23c97d2ded0ab126ab09e6236b53293232071f3d8aecc448e582b4b1b15d9702cc31d407d434490e77306718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
52a62fd363edeb1c532f4f06e8101f83

SHA1
f4dc89c9de0a829c6630972a0a869f25458fa158

SHA256
c2ab86a00371f04373d86f9e6a9d24130fb85738c063acef7a13da4665855ba1

SHA512
833ff53dfe2ce9bd6fcc1933d519ccaf878ae1415543d409ef074a40a80b382803c705c6511305e89fc84b36582585b3e03fcdd9a161b0b1bd31a36d7be44dc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
23f59f17e5a629f39b4baef574fcbfc2

SHA1
abcb7b6e3aa8617b6b5091f1a6331b7b6c3f6e15

SHA256
4f3f2ef091c7542455cbf4162ca052095d41d0d8b25e587ca3e17a6cc4741231

SHA512
3ad8fa7de82520b596d075bdc467f999a64d307851539796bdda4eb1fef99cdd2f177b74c4fdd8e7430c689a8692e3c5213142e2c037d1a7b2f4346a06c03333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
1d074252b4d55c2650f046bf5f57e72d

SHA1
58d67eb931124e0b65d4599fe2e6ddc0023c60ef

SHA256
5da718339735d146ffe3e2a1d8bccd489ade75a4508c931dd82be7c687b6d332

SHA512
4cca384785602db672b2e7a4a35e91d4701b9efab02a32b012eaa133279241354c5dd97b47f1e30b9abf055ed54682f7f5227f8eb981ec209c97360b591fcc53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
5123c5f270e1fc4bec1e78056638366b

SHA1
2e84426bdac2b06b48fdea79e3d3c2ddeb54bf41

SHA256
3a4538dad6096eb4441c8d16005066d29adb15430c1d1da59687e061afe5b5af

SHA512
757bf59c17c588538ac6e01144725add3b79422f584db70b27859b14a0a9cf8c7a14eee88eef1fa398a9d25c540fbd8c27a8b1b457e279b947914f0cf7b87aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8389b63d003f259b600e4fb1c38f0756

SHA1
dd6a3acc5211e1fd3fb9a650b46287624137eff6

SHA256
6c0c68af3de1ee4a798cc4b58e63c33a5ed980202cb2741eaa8a3fd2780d2a93

SHA512
70240fdcfdcd39c6c466fcfec091f75403770e1d15a9be9a82b13328e65d743ebd9fe53a0e52f7426f109790d265e935c87f43ccd97e224a86c584ef363818a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
abd497cc50b232d0aab83190c781bb46

SHA1
2cf894bad48e2e9622fe6dd57db78a938ee5cf31

SHA256
eb36849587220adb137e56952fe8c70a72a8198211a59df3fdc607a93b2c43ad

SHA512
23bf07c85880673db8baed02beb49a32c50aa25a5016b161b2f969041b30eb081714e94ad91a3396840a1fd4dc8fbbab8d783592abad53419048546d782dc3b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
37b360d23b8cde313a76ce1c3f30cb75

SHA1
0f5f010dc37d6dd5316204dc73c0ba23fede9b8c

SHA256
113331b20482668dde8b5083e5e34519a9a0c201dc6ed25e0d96ad2d1f9c69f9

SHA512
eeec3357bc41fcf81dab3a17f3c7a3343be9f059dd175f4d826b392b2e4a464b58398e3199abbc0613417290f24c313808b8bd4814b392b233a754e31c147fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
29e91343d1ba08055a19a1cb3c52f5c6

SHA1
9cd2d82f5ea7c916e751005e477c1c2137f34192

SHA256
2f75bdb5cac2e2ea457328cbb7b579af714efcf7fcdd734a2e078525be479a5d

SHA512
89bbc97a493a10dbc53cd79cea3396ade69065b958597eb1b76b0923810e5099d6c5f49441f898361d0ced5ecc1f1f99a441352d61e7fb2f21f1aacc3befd851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7cd1f37b956143d3014e837931ec184d

SHA1
0d32faff18cc1b76df7abcadf97bb2e5066feef8

SHA256
3773edd3888c75221984bb8172e03c0a6fba20539581aefff88fde405cf38191

SHA512
7dc2e999994b29122040b789624deab43a196c6995e690d6452e818391ca1d794967b4db9be3d098581a171079df557d9b835e99e278a6b18f3269ba4356bde6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fe66f205db8048c0dda7adc94dc3616b

SHA1
568e0ad06ea7cde7c50b3cb73d30b051093d1ff3

SHA256
aa5e0e69ea351f5a1ceaeba2ddb2e966173af28bee3e927c6fec156026c8da5c

SHA512
94f0f4c5e9b100967d6942a9008dfb9108eca9ef81e34a3fd8d9a49beaa15c6b92a646fa2bfc93c6d00f986e421a83d1b46996adb5d111dc301ad9df9239c930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
03ca06ab28899202746534b67c33b55d

SHA1
669a212411e13fe265f76486892bccb6aea64018

SHA256
50baa9127998241bdf03cc856dd290b115b6517954bf29fc171b857335e9fd62

SHA512
ec3e05d03749eacd348e9fd86605d9755132c0f4a6f418050ba0d01262830926faf0273c1cfa6871bd5bcae836e2938eede9558ec2af2ecfce758d7836c5d071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
02599428cbc6a626338c91c242e884e5

SHA1
64df24fcedefddd3c2541780e454f9d5f8667a5f

SHA256
2494cd5e83a63f966e679381cdfc1dc76a67096d2f488bae7da80d80ae2b86b3

SHA512
66e533113e3a61e161d85df332afb10547719f5e3ff250ac29841ae82af8b874321f2c2313ec11ef1e19e7400925db5119f51d511dbc118ad7043b7f46643f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
53ad66f1c9afe76c01535dd4e1c1b10e

SHA1
4af530867df9f0e2a1613728eb8822a181506501

SHA256
655e861a293bfc5b1913083113513243a22be8d73dd21d7e222d5ff6c53beeff

SHA512
140709461aadcd86f94386c9d7c229ee7e9ad510907b7b3177fec61df9b45374c4639d531726ded720043ba6fd655696860abc4dfdabe5bc047109806d690da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a463096bf6b4f3c35da75a3d308fe1df

SHA1
9a88a44ebfb26896c65b984cb5fa951492dda52b

SHA256
200a57cc30bd7b81bb08671700ad51d59acf974b5175dfcf50b1f7b091fb9864

SHA512
ed453a7295c1dfd5f987742a98b6ea66137b6148661847a4be53750d4135205cb4d16738ceaf18e69081e23494d74c7bb1db8681aa8d1773c0013c54aad3570e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d913cdb641906714400cad907f2c91b2

SHA1
b7da67848151bbeec21b1ea21e6e7396467d9be9

SHA256
9ca755e3efa17fa905594c27f62d7490120c98918506f5b61a8825ff1571dfe0

SHA512
f4f475ae6ef63f890d9a859b59c679f67eca740ed336610a4a702f561a9f504d97bef7d5253daeba9b4ad7252bc46634025a85d2e8521f508daae148f7abf0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
75ae416c110911ef28b593cfe578c79d

SHA1
fa36ef2128903bd36580f0965316da8ef78baa5a

SHA256
666a1a6d40a54bb20efac6ffc2b1d1845f07ee608a30f92c93355ce699d0871f

SHA512
7156b813681ed0ec7c6d45c64da79791572705a5e425e7611d7cd6cac81b99c327580cabc496ca1e5583a3d64c695da79775a845640126deb8fd6e3570a9cbc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2876dbe9746bb987e1561530a72ada19

SHA1
da763e389689db9df3c8a5f5e4d12bfae7fd0073

SHA256
fa9532093b4a0064c35949d7c42f5ba21321e0d9759846be637377f9318f6665

SHA512
e9da9794f3b7483c853bbbcc3793d476f5342bc5acd0183388b1999563bdbb1da2d22c9cb5170e0074c38455d5cf819ecf1b026a41cf698f8c10c1587f74caa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
25dbee2985dfe77cf07f38cb9dd909d3

SHA1
1314ff8c1eac1c440e7fd866d8ac35d38b77659c

SHA256
78acc4e0965bf426faf5ff80cf1b934b31e47ede7d167bbbc709086dc4450fd9

SHA512
66d33c72e8f48baaac3844d1f78e57ea18540b98bcda747b149998dcec5de77e245ddc1925f881a38c83f0541b84750adeb43146d3eef03363491e39832de53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
fc258c70b0203ac3364ff71dd323c71e

SHA1
cd98f90114d572a463e79c4de9237949a7f79d6f

SHA256
69523a21d58fb92c0e06cd96f9964c2502e9f3d77953c492f70e3f2bcd913691

SHA512
16effd890e9562adb0fcdd5c17df959bc41e7cac4429733d5113236e292e9bd0a4acd1c56bae266267d894c31641778ae165e9df843d42bbd4ed02a8eb2136c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13383538744783451

Filesize
2KB

MD5
0991f3d238f1489a5636764822f6f326

SHA1
1c97c70ae60cc08481a75dff671ce8605d79f7e5

SHA256
3f6088e1cc49495e553277bdb7360344bbbe97e9d8e4c6aee369f7f4e2ffa70b

SHA512
bf0d9c1159ab4258ad8a08cd2d92528a77260c26087de1cb5c72a0327e0c8caa6718f50a1d11767e8dd295e9444e44ac1f05f017190110ba1efb4c81fdfa9cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
266043a52110aa7ba70025d1ebfcf143

SHA1
30370a4366b44aa26d5e0beba72cf3b06ccc75ca

SHA256
9087119d81b9b1edc0aaea4bf6912ad36c11922c8a04c2da7025cb9edadd9f08

SHA512
1820f442d77aa423322c2bab68ebafa53dd18810941c2d71a9cac96c99da84fc08a9ff6333a80aecaa4ec7e4ce3211deebc5deead44142da6e9a23f5f69fa7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
b7df62270fb7e0005fd617238f63c7a9

SHA1
fca57d0a9e04d1046a02618eecf8ff9eb442d7a5

SHA256
3b071aa45c1c5501326962790f4f03ee71b736ade23ed0e6111573c1590b56d3

SHA512
5613c4c2d608549bfc1d7ca38fff74593bf7e10a612d23c921802330f1de3cfccf8705b9dba8c731d3acc7faee6a0068af7d54a5dcd02121bb5fe8b8ae236624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
91f70b1342f096915114bca7067093cd

SHA1
58099995b099cc4326fab755dfe129a68ae5b551

SHA256
0b4f1994b717efad0b6a56688a712a84e8ed02c4524a746cd5b65e421681e2d9

SHA512
eb10f66c0900aa0599c311d825128f7737cfb0ed52f2d17a758b4664536b8ebca32cd7a5e15557f93129ec17a3f540ca2edf3a8421073234b794f41dbf79f688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
d5e594439c9630e959d980c61db561c1

SHA1
b20b584edcab1526d919e723e3c8029925f340e2

SHA256
55fe980a6cbf4f67af32c58309d516f10e406069c4bee5a0f5d96f1bea2c1b8a

SHA512
515b3159b218057e69e741bf24921ffdb75a9a467c52d68dcc664ddcb7c7f34d5b910bcf1207bfa0620fc24958cfe38d807151f22ccf4325a1e59b0717a0f77f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
14KB

MD5
23ac30d17bd3e16424b8a62b0c5accf5

SHA1
ac4144cbc8efd3e396cbe6880bf4a859e9dea97e

SHA256
7c232b7ba34f8b40aa1bdb997cfa63de4dc433cb00aa210928c38ce4f422f6d5

SHA512
815055ec4394a8833cfb245e9355069fdd2ebece30d959e2b187c75dc94b1bd444cae86600e58326cb8c965302f253772f479b207aed16c8ee1b50557411783f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
4ec868c71f395559c9c5daef6918d725

SHA1
3418b3772753cd472c32f33281da8f8b8f167a65

SHA256
d9da8b02c269d0fe177f131113ade842af694a0166b78c943ed933703ac34b29

SHA512
55430855c7c8227c16d30537138cb7fada9243bfaf893e9af1fd3f082e4b618abc80c8bd38c3a675d5cb349e590463db945781acd04f569e2655090ad0c28e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
9f6f7dbc1dd3a9388c91e28bcb80a211

SHA1
21668b715d48e83efdb9b90421b2271ef7057344

SHA256
37507e79070e971a5cd33bc9fe230fa8f4d89e7e04c17609dd7a78a5775a2ba3

SHA512
d8bd871e5252b455d7242a671ef5c565c2760bf1d5621a2846c2b68a206aafa5a7b8450d2fd9811b9d1fc59859b1578c9d4c13de6dd01c5190fd5b733f5ac4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
5b942e92a89d64a512cbe5831b0d9ca8

SHA1
da2398c1ac9cdcf116e9fb463c236e59b3c1060b

SHA256
611c6a07f74e4887db342f31d1205a11ae6b84a6bb2bbb253071916cd2d20f36

SHA512
4192919e59a7887f402982a549e087b8ecede71c7bc1bebf81e3166baab4e9b145789da7492d8204ce40ee8f3ca2fe6ebcdbd5cfc2035172ab4a44bdf84b5f20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
cd6b5aa89d338900ac9006b70e78c975

SHA1
044248aa56983eb00965647fed00d15652c701b9

SHA256
25336b3c9e8546c0749067b1ce75020a0bd48fbd245c2d17f0db4638984e29b3

SHA512
eedbb89f62e42b5be48d6fc4522c06a9846249a540e58d81aea7b4f3119607bafc73fbafee7504dadc8824b5635929f37e9cfa1f41de06aedaf5e0d75784eca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
db86572281aed5a22c0f12342827f8a1

SHA1
26fffb4c86fdf164113f6091c23e364474c880ef

SHA256
497d0af421d0c39b05efc870cf7f74dd8ee0fcaf318dab46617fa2963befb4c7

SHA512
2c07cc8321b8a61f49177155beb30f73743766a429e823b08d79bbe31c3889d20c199d00e7e951d35cefabf8b5b414802565efe1b4f576b33d9cabcc3a5cf266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
4fff63b29ad02d9f78267064434db362

SHA1
1d0bf14f95936e82f6fb6dedf6c1c46be41bb360

SHA256
279bfd5ce9daad30b62ed5d4cccb1572280d19c1fd3221fffc054af58afccbc4

SHA512
abb7cdda73bea7bc008e266d72c578dbe73fd3ebc4e5eca8a0ccae3ab576d9b3df0782422381f6b1e18b6eccc4380dc5627a6ec0674f4c47bdcf16cf475c9c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
cbdf6ec16aa4619f6fdaaed875f69941

SHA1
02f3d8e88fbdd3396605dcbd014db51dfbb8d1d7

SHA256
45a64857954874d6b9d2d356600ceb7f65c2d4a8bc895d8f0d762d1aeb67dc30

SHA512
f8404cc3ae0908b90fa3b6969e3cbc9f6b14164d6211f7777f33153d9794d1a1832e320bbb60e15d9f517169701ec4fdce7fc39d32ac6c58f12b094819bf93ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
f09eccb1d37316a991a557ee45e68e44

SHA1
e2192ecc6e5806c9bd6306e63be0932713c150a3

SHA256
58fabaad09fe4eb423c3aed4fce6a81e8754089ded5535ac8ac7be2ba5bc18a8

SHA512
cba8fcea92c51429ac7245514213bd1ce489878d6cc0f5709ee3d968397ebeb3a19726a6bc124884cfe8db338784052db604ae3aa264ee6a348c89eaf0e1cf11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
16e42b32232fae8200740038888a684c

SHA1
e0768f8994af9cce021477b952815941c29a6d0d

SHA256
39ab3c5df3af252399e59ef42dee8fe8028d6c96de979ca6f80f28333c4f3dfd

SHA512
a6dea4d4a5ba03ae91d0d49349e5915c92b74fa52cfcd3064a137b9797ea36a2375e26938a4c17062afdadcb110a7aa2f9887c6c9551578d5af3ba2f3b44576b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit