Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/04/2025, 17:05

General

  • Target

    eefb11e7bb1c352d6ba64795e35ce958efa2c9c520621b9209c28e89adac5c0e.exe

  • Size

    12.0MB

  • MD5

    c043e9f857ae66d89c9471e4a4e5a9c3

  • SHA1

    599ca6af0fc22d7c6879063f511aa834d53a951c

  • SHA256

    eefb11e7bb1c352d6ba64795e35ce958efa2c9c520621b9209c28e89adac5c0e

  • SHA512

    5a3be61f0b5a75fc3fdf9eab66555975fb44d2586e7a971b9d8573e7a9e94abd887b091311f1efc52367f62c7af073211978b2ef9d345474a4d36676d233159a

  • SSDEEP

    49152:TSz26GORt1xUI7KnEQsJGtCN5bIfx4f1JTtpZuRQJBQbDW61P067knpfeTkSO2KE:TSk

Malware Config

Extracted

Family

valleyrat_s2

Version

1.0

C2

47.236.171.20:10000

47.236.171.20:20000

127.0.0.1:80

Attributes
  • campaign_date

    2024.12.25

Signatures

  • ValleyRat

    ValleyRat stage2 is a backdoor written in C++.

  • Valleyrat_s2 family
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 35 IoCs
  • Loads dropped DLL 42 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 4 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 4 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eefb11e7bb1c352d6ba64795e35ce958efa2c9c520621b9209c28e89adac5c0e.exe
    "C:\Users\Admin\AppData\Local\Temp\eefb11e7bb1c352d6ba64795e35ce958efa2c9c520621b9209c28e89adac5c0e.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Users\Admin\AppData\Local\Temp\upd10.tmp
      C:\Users\Admin\AppData\Local\Temp\upd10.tmp
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2160
      • C:\Program Files (x86)\Google2160_1534165493\bin\updater.exe
        "C:\Program Files (x86)\Google2160_1534165493\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={EE15F6ED-D77A-49BB-3AAD-3B54A00528C2}&lang=en-GB&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
        3⤵
        • Executes dropped EXE
        • Checks whether UAC is enabled
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1488
        • C:\Program Files (x86)\Google2160_1534165493\bin\updater.exe
          "C:\Program Files (x86)\Google2160_1534165493\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0xf6a6cc,0xf6a6d8,0xf6a6e4
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          PID:4140
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • Drops file in Program Files directory
          • Checks processor information in registry
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2240
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.178 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd526e6f38,0x7ffd526e6f44,0x7ffd526e6f50
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4392
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2092 /prefetch:3
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4852
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2060 /prefetch:2
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2044
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2536 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:876
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3268 /prefetch:1
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:772
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3288 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1596
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3984 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4600
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3992 /prefetch:2
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4524
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4564 /prefetch:2
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3068
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4884 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2156
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5444 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3532
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5680 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4276
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5860 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5192
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5440 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5424
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4488 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5432
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5868 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5440
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5896 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2528
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2064,i,3888038871022805650,9715837290276239767,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5832 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:6092
    • C:\ProgramData\~Chrwos.tmp
      C:\ProgramData\~Chrwos.tmp
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      PID:3600
  • C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
    "C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --system --windows-service --service=update-internal
    1⤵
    • Executes dropped EXE
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:652
    • C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
      "C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x140a6cc,0x140a6d8,0x140a6e4
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4088
  • C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
    "C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --system --windows-service --service=update
    1⤵
    • Executes dropped EXE
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:60
    • C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
      "C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x140a6cc,0x140a6d8,0x140a6e4
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3944
    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\134.0.6998.178_chrome_installer.exe
      "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\134.0.6998.178_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\7e52de82-68cf-4d7a-8b97-e655c7916915.tmp"
      2⤵
      • Executes dropped EXE
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\setup.exe
        "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\7e52de82-68cf-4d7a-8b97-e655c7916915.tmp"
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Network Configuration Discovery: Internet Connection Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3936
        • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\setup.exe
          "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.178 --initial-client-data=0x270,0x274,0x278,0x248,0x27c,0x7ff638d49ed8,0x7ff638d49ee4,0x7ff638d49ef0
          4⤵
          • Executes dropped EXE
          PID:716
        • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\setup.exe
          "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Drops file in Program Files directory
          • Modifies data under HKEY_USERS
          • Suspicious use of WriteProcessMemory
          PID:3120
          • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\setup.exe
            "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.178 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff638d49ed8,0x7ff638d49ee4,0x7ff638d49ef0
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            PID:3612
  • C:\Program Files\Google\Chrome\Application\134.0.6998.178\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\134.0.6998.178\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:1260
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:636
    • C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
      "C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --system --windows-service --service=update
      1⤵
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:5240
      • C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe
        "C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=130.0.6679.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x140a6cc,0x140a6d8,0x140a6e4
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:5260

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Program Files (x86)\Google2160_1534165493\bin\updater.exe

      Filesize

      4.7MB

      MD5

      c583e91ddee7c0e8ac2a3d3aacad2f4c

      SHA1

      3d824f6aa75611478e56f4f56d0a6f6db8cb1c9b

      SHA256

      7f67129760223e5ddf31219f0b2e247555fbac85f4b6f933212ac091a21debf9

      SHA512

      0edbc9a7e3b6bf77d9a94242ee88b32af1b1f03c248290e750f355e921f49d62af13acfeed118ec624fb3e2c6131226ac17bb3d206316b056c1f7cf55642e069

    • C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\Crashpad\settings.dat

      Filesize

      40B

      MD5

      626e04d42b9c479a93318291540f4c5e

      SHA1

      ad6f307b87b469fdc0d203598701bb2be914cfcc

      SHA256

      465dfb9e4c478a65e3b0f8c90d2fa69decd7283d9b779aa6c92dd6b9551543c5

      SHA512

      3e12fc505ff77c773204e2575fdcffd7da84f26adf9c6c8e22a21443de1c4f41d0f53810cd98dd28f170621de04450f1dcf125bef836fa1c46e2f93724c38805

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

      Filesize

      536B

      MD5

      ff81678e8c6a214cc521fdb4e3b7bced

      SHA1

      dd53dbac9dd350fc5e929a28028f6678b3dd18d9

      SHA256

      efbda0d2f60289a47cc6d4a1656e487d193eafd172f48293859a8d926ed45014

      SHA512

      4c92170610d51c96b5e40cc85e1cd11b0058f17c833b8e27dc1f43e333c39f790fbc20b4a8399614835bf4be3bdb9c10ec24cf009900077103b91c5002da2d18

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

      Filesize

      414B

      MD5

      88808d5aadfdcb729589ba84133c2d39

      SHA1

      891ea5131aad3c188ac52b8e25d356574b84a3cb

      SHA256

      dc275c58282778ef62f6811c3dbf1998bda47947c40bec1790aceae6a2fe7fbf

      SHA512

      03adec9b44a049565b208de7da25f3222d8ccf418c436f10af96e8687f810faac966abe7f4d3480ff15632388ba38f10dc919f00f956caa5b5e4812aa3c371ed

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

      Filesize

      636B

      MD5

      1f52a868b8f69283b7606e15db4f1d82

      SHA1

      098bae4d1f6527d0148bcaf430f4d24783b1e171

      SHA256

      5d76e88cd0105bb42ed2d593a99edbf750808e57133616e5da3419a0d0a080d2

      SHA512

      9fcaff3c80c2f8911213a1525fcb2dc2a4a7108a3facd8bbd7e270ba34d92fa2b2bb85349300b6390d6cbbd62920c320bb015621b6ca5b27e9cc785646644ce2

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

      Filesize

      415B

      MD5

      4c6e859cd5e20be4efd15b2861a892c8

      SHA1

      23f74335903ccf5d3f81a9a0712cf615833b75d9

      SHA256

      62f19e7e681ec86fe6cc27a42382bdde8b45806763096ecd0245b5758ab153cb

      SHA512

      72b7b6bc3aad5a3202b72c80fbf650f49f3143707762babd396ce3246fa2f586012f69b2b16e872ccc8993d4f30fb723eb428e06e985b4a3915d72c188b2de51

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

      Filesize

      698B

      MD5

      124ebc204bc33699d5784c62f99a5638

      SHA1

      81dca48572fe4625c8c9d09627f9870f19787fd6

      SHA256

      1d3208035de6b214a71f352518422b83d36131a21e77f69f51c751230d59c20a

      SHA512

      9f7ece2ac137a279bf5b4207a873bc463288188bac2b06791712a89db0426cf2c7c808658585aa8ae251914263070a3edb921031262ea2e3d05ba7e2f44669e6

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      23KB

      MD5

      ce6cd9d2133bf8d9b8a1ec33cd52adb0

      SHA1

      bb2a7c718092a38ae137f7250950746572065777

      SHA256

      d4875677cde123fedae7e2352b6b9f002689bc02d37c78d725e0745d4f8942b9

      SHA512

      d278d00c445a26d8e0afa6020892250dc018444aab5db9c7cefe8b8652f7d3754fc0f8a750d8360931b7591146376d80c6f3ced80554e1025c20ab036ca1e166

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      25KB

      MD5

      f60aeb8929ca2939461e2e88a38b37f2

      SHA1

      f0fb367c8dbe8307dd970d8c00b8f551cad059cc

      SHA256

      4d82a5c8e2efd4c5c13df288418e01b5d909caeaedd52e088ae022a84189ec00

      SHA512

      807f1f9545a99fa7224ae27d9e5279c9aa1db863003d6d1202591f5c2c71680d345da8c5f521ce52ca3ca9463ada02981f804a039550d82be8eb9aed52168541

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      26KB

      MD5

      30d417c380869fd01d550f48c8054718

      SHA1

      6e3d8dd3074949c9ec0425630e8401485baf4adb

      SHA256

      115ced0561a9c8a9b2d47a5144d33874370c75023f827f819dcd778c96284358

      SHA512

      3a48fc73ac3994d416a379fc94fe7aea9d18460edb2fcf6b326925babf75b49521d9ca4326573f1d57290e9250847591b4070b8f6be319cc1918e956caa93ab6

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      29KB

      MD5

      dcfd62d1d727bff1954eefc9ed79b2f3

      SHA1

      89873c22315be37c431545aea9a0840cfca567bd

      SHA256

      45fca3c33df4b6f7378ae8ce8874fe843840bf3fc2b7582211291ed235d88381

      SHA512

      d1190bece84f476d69ed92826775683e5c4f56ef20561ed6969186de10a38330640fb2950cb7358370ccddc802573aab185bbef4d7a77c453be04510188b072f

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      31KB

      MD5

      c0218a887cd95a21ed4d10adcbafa448

      SHA1

      28966a4953d01210ce6dbfd0dae28ad2d1c8d813

      SHA256

      a333577521eee2739501708aed5864dd164cea8d7970a41299e93deeb210ca4d

      SHA512

      67e179ad86f88f5a40c57f31a6c77dff218d5d70b4652b8767be1c319dcffac348507ec838c22ea792690086f3acba5e9ccccbf194f3c12cae1b3a4a10e929a1

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      22KB

      MD5

      d15b1204d614780b879cfc48b3a56d7d

      SHA1

      2f0d1382e4fa43d764e7aa8205f311bd132583d1

      SHA256

      c81953a330cd4afc8acf245f7b031218bc40645371b25ce2f02483d96688dda9

      SHA512

      f99a525c9b2a5820f26ec33cd3046fbcfb15269f8a5d7134d757167c117d3a68833ef94289517cdb77a1f36b0e6ae347ae5cf2ef8c746ccd7d6e2d8bb3b64999

    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\7e52de82-68cf-4d7a-8b97-e655c7916915.tmp

      Filesize

      694KB

      MD5

      a3f96c22844a34d69a008f5ee96031c3

      SHA1

      106996aa3ffc187d79e46634c235b190c67aaaf2

      SHA256

      e88df86b04c0ffacb6422f16c928830fdc1e44fae77164627a087d62338c374d

      SHA512

      16d149a55cffd769d86d980d3f22ccf5d4dc6d0fdd7d93800e19be334d646a55ea4213f7f4c72669f39382d02d9574e1de4fea92cbe79f3ca1cfb09d24f44a72

    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping60_727359027\CR_EC4AC.tmp\setup.exe

      Filesize

      6.2MB

      MD5

      34c2dfddff8a68e70dff4068fd425bbc

      SHA1

      2816c4d729e655315e283b1074b4e3f771afd32a

      SHA256

      f7258147da4412c75f2b665c8c0d59a0c841a19a6bf3a7f2a1e329e3db4a96c6

      SHA512

      ec5ea8ceae64ff86514e7d6df2e15ab5fbe828503acb297987a3d67d5db30d03fdee32f808a937bac9bf982e8422660d5201c05ee08a573b3036338a49ee4e08

    • C:\Program Files\Crashpad\settings.dat

      Filesize

      40B

      MD5

      20f6a2ac4027dde54ae4059a04ee2ff0

      SHA1

      6b2efc9aa62853878133b269d3640f3d4e3b919d

      SHA256

      3406c1cf4c0f19f12ca4a725d73f81039270ab08f289417e78da7d6b9eb6734a

      SHA512

      c7ad439a92caeca09c3bb055c7bf8fd7ea616dfbbb3d1a8c4d6153a8de4e499dc9685f94cb6610ad7ba7bda3548b41c26a18771ae285ccea161f885d1bb6065b

    • C:\Program Files\Google\Chrome\Application\134.0.6998.178\chrome_elf.dll

      Filesize

      1.6MB

      MD5

      320553eddfbd2ad79942e83570a201bb

      SHA1

      598911a4167ea3e1f3ff32dc5f735eaaa2824f01

      SHA256

      c61014297068640b4fd56234a7813422464e84c5615f7d5c9f2dc6f835366b05

      SHA512

      38173db9015dc4809f81299e390c887d1532c00ddc7ff39f6caa3d14321050ba660210b0b0d775ad452ae18c3d812f75322ce7c73e94bf5776ff0c4d68ab8521

    • C:\Program Files\Google\Chrome\Application\134.0.6998.178\d3dcompiler_47.dll

      Filesize

      4.7MB

      MD5

      a7b7470c347f84365ffe1b2072b4f95c

      SHA1

      57a96f6fb326ba65b7f7016242132b3f9464c7a3

      SHA256

      af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

      SHA512

      83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

    • C:\Program Files\Google\Chrome\Application\134.0.6998.178\dxcompiler.dll

      Filesize

      24.6MB

      MD5

      3e3571b1d34abf8946940a815f1df3dc

      SHA1

      8fc2d95ae5f3806e87210b976bb2d421ebc90ded

      SHA256

      ebe4015922c44cb5426595d930b0fe753eba401475a33d9e8a977b6b17d1d673

      SHA512

      9b5a7e2d92e440721c187d793318eb4623bf2d120668d97a2fdabe1c4d6c6c2193884724949792e2c64135a59bfc7b373a78d99761fc9bf390927ac1f34ec0e4

    • C:\Program Files\Google\Chrome\Application\134.0.6998.178\dxil.dll

      Filesize

      1.4MB

      MD5

      30da04b06e0abec33fecc55db1aa9b95

      SHA1

      de711585acfe49c510b500328803d3a411a4e515

      SHA256

      a5fe1d8d9caa2ff29daffd53f73a9a4e19c250351b2abe4fc7b57e60ce67ac68

      SHA512

      67790874377e308d1448d0e41df9dd353a5f63686df4eb9a8e70a4da449b0c63a5d3655ab38d24b145ad3c57971b1c6793ea6c5ac2257b6eb2e8964a44ab0f08

    • C:\Program Files\Google\Chrome\Application\134.0.6998.178\elevation_service.exe

      Filesize

      2.1MB

      MD5

      669998c11883ee3001264149eec0cdb4

      SHA1

      5aa1cc8b616bd8c65196ca525b36a0912cae8604

      SHA256

      8bfac03fb323809f51609aacf2dc3c378fec7b16c3280df255221984228c44ed

      SHA512

      28e7fab62ceb0ed9a9fc2c0c08f021eaa02f58bbe3394ac7dc8bda4a86a4c4aad5087d9b4750c56f31360bf358487987f45d34a7ed53bb86fc7dc76351cb084f

    • C:\Program Files\Google\Chrome\Application\134.0.6998.178\libEGL.dll

      Filesize

      493KB

      MD5

      1c80b3259deb09c2fa9df94ce39c93d0

      SHA1

      14b4dad2b90e9ddd0d61da0a78278921eb1b8fe5

      SHA256

      97d75ac786ab1d7fb202c6dde4caa5d0a5c8b17ffad9cfb0fbb0ee976e123fa4

      SHA512

      e1e24e98a4567ef03e777fa2e330729a8f30597e6fe71c9c47c2180b7c545eaf038265ed24e6943b1787dd6a739f095460208c0c5082e867df88029343d83307

    • C:\Program Files\Google\Chrome\Application\134.0.6998.178\libGLESv2.dll

      Filesize

      7.5MB

      MD5

      113ea6dccb4405228e6ba99d4c6ba866

      SHA1

      655ee989d1e5f8f33de4ac1b875760636dc95fad

      SHA256

      1f35bcab936bff5329fc3929c6cc765d1fb4cd69a1e30188c5d6999bd037c0b3

      SHA512

      8476419127d4788fabe9b5de1863808bdb043b103b9722d4d675c9e3ab1489ea357ce7c60dd33387b809ee5b60b713722757436ce21b4fe74d47be8273ffda18

    • C:\Program Files\Google\Chrome\Application\134.0.6998.178\vk_swiftshader.dll

      Filesize

      5.1MB

      MD5

      c815cc49d9601092610ffcf49d706a47

      SHA1

      8a8200bc22b6ac44919c5e5cd2503ee381b866b6

      SHA256

      2b45c9f43ea3063b004acf98df138cbf2b0932113f26b3126ecb09ef44d368ef

      SHA512

      910d39543096e0acb1c3aa5f444514dc18bb60916ab7bf7492ff9d1b34fa1d5bd5afafe13e77e29c902651cd25f2cb387b930542096a4920818abc33509b3100

    • C:\Program Files\Google\Chrome\Application\chrome.exe

      Filesize

      3.2MB

      MD5

      69a37696d89d819e0432d6f19dbc8c5f

      SHA1

      2347f3a42126c10ca65f02c22f86b93ac1ba684c

      SHA256

      03160c5bcf955799c790bc2f08261fea8e1db873f8e013a023606f2c5e088d9a

      SHA512

      a9a1151dd5ff763a92bb96bb135896b232dc14a28999a05542e1bd24ba7116c4e35e4c043962694ea23ffbbea935641c41de7fd7def75e55c2d71099e38f245d

    • C:\Program Files\chrome_Unpacker_BeginUnzipping2240_2027669904\Filtering Rules

      Filesize

      75KB

      MD5

      5f2e8bc6fd4937fbb0939c6773064f3e

      SHA1

      524faece2a5491ef2739c2424f962c9adf74e891

      SHA256

      4723c6e42380c6a90a601c9bf6e4dd72136958516de05623dc8d342b6e05f00c

      SHA512

      d5b3cf6ab579b71f68bb02739b70de1d403ce59c45442015e09b502e723e9d9ffcced8429c228f467995cd01a13cae9d2172994ff0d8677dfe501898922e00b7

    • C:\Program Files\chrome_Unpacker_BeginUnzipping2240_2027669904\manifest.json

      Filesize

      114B

      MD5

      9585cb6cae92df90f9fce1091c6da40a

      SHA1

      fca8bded549311578c4623680159ffed831fc38b

      SHA256

      337415af627a5c520de87843330d5b49d8041e4bcd3154b5bec1d2a1f5eb997e

      SHA512

      99192b2f98c559ce61cfe5796733a9da01cf9b4ca966500abdd71e35e18a3bf9b75ce5815e73f19d07f299e4be2b8fc6b9f289d6bbbbf357b9c0d24622db8207

    • C:\Program Files\chrome_Unpacker_BeginUnzipping2240_971155793\manifest.json

      Filesize

      95B

      MD5

      0a3038ac53b119e68102bedbfa42d4c1

      SHA1

      a077483f8520adcb3afddd37a64db8a75527cdfb

      SHA256

      704a2cf4eca1716517647eedbd0a142999c98a7ae959ca921c083fee4aace3db

      SHA512

      107075ca6bf1898e6b2095008e4f78e6677189bc7f05e19e636d96c20227ed41117fb5c47a3d75e15ec46ab3be981096b208069edc9f7dc7ab65f70b3fef79f5

    • C:\Program Files\chrome_installer.log

      Filesize

      27KB

      MD5

      78d0b1d1ff56eacf0634ec0cb327b818

      SHA1

      77e467edba84b19753bfc584bd798327fa12f60b

      SHA256

      80fb7a46156613076593e5b7b60e98398979190628deaee2ea983b1d60f41db9

      SHA512

      582e7f077432f215a139730decf044c308ab7142164b10ddf0a0b0de24b53cec058dbf39d72b116e0ea9b21644860c2590eb8d64e2c7c8f5a8ce2c20e8c9aa7b

    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

      Filesize

      2KB

      MD5

      74417d52b8478786ad2f2b2b89be9e54

      SHA1

      75be5eec236ac86a92196577328bb5197fd6def4

      SHA256

      4401affd92123e247f69e7a1cad3406e52beccdeae8cb4a5defbdca1e28ca9b1

      SHA512

      e246b56a9c0998674c6f1a85e4b7f689196ad6dc4a03d6fe554ab85101855c2fc4ecd0d1684c36d9e61318a7ccf1c6731403d3fae7cbca9f709ab71a52c8169f

    • C:\ProgramData\~Chrwos.tmp

      Filesize

      12.0MB

      MD5

      c043e9f857ae66d89c9471e4a4e5a9c3

      SHA1

      599ca6af0fc22d7c6879063f511aa834d53a951c

      SHA256

      eefb11e7bb1c352d6ba64795e35ce958efa2c9c520621b9209c28e89adac5c0e

      SHA512

      5a3be61f0b5a75fc3fdf9eab66555975fb44d2586e7a971b9d8573e7a9e94abd887b091311f1efc52367f62c7af073211978b2ef9d345474a4d36676d233159a

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation\9666\crl-set

      Filesize

      686KB

      MD5

      03110f0d1d5c7aa2b358821eb11f9041

      SHA1

      3838267d32c4f82ca58d82b2d438fd9ca2e6e43d

      SHA256

      40ec108f503f269c9cdf8c027475f951c107d442ce2f376d3fb653f3ab0fc317

      SHA512

      615cb49aa7243f5c1eb8c25fa87af019e03fa3bd163fc0721e01c5df68e72a0a77ddc842e0ce3bb5a49df99579e29c772003315021310a562b3c795025cfa0e3

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\35a75ccb-a425-41f4-83ee-e56b4b746345.tmp

      Filesize

      649B

      MD5

      6994dbcd64b445af2643a2b74edaae3e

      SHA1

      32d4246ae0ac1be8d47e449d178bbbcaad8b3374

      SHA256

      1d4e2bea666d98eb284dace8447cf4c49d8945dc4bb9e6dfac94694f5604cd89

      SHA512

      2f5bfe927791c957e32ecbf072230d67a4aa8ce82139ab9dc990bf77450f449263889f7edcb8b43ef4153ec0b7ae00aeb9afc326893234aabc6c5ee1293578ac

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

      Filesize

      3KB

      MD5

      3677f00d60710f35551f693944e4c7cf

      SHA1

      c0d1d50b2162cdb50b2e510e5ac9c397cb497a86

      SHA256

      74d25a271ff8b6b9401c6d8adfc52f601b1c56bac662edf6700dbe6642222739

      SHA512

      a70e0410702ca9b3550e5b9f77794a7117072ae29ec19eb607a72c3848cf63078d07015b4079181051112e3932ea561ad9673cb158664e9f0dbb959cfe718400

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Filesize

      11KB

      MD5

      d6a06c2f1a144e3bd3b830bfbd8fc834

      SHA1

      3b6d19b4333400d15af116a91c7a19e636d082fe

      SHA256

      f06f5a28997a211b053ee949596bc17eb9221d16dddb8f6729043775b087ff7f

      SHA512

      6be211122f59e3b576b4c48441891e6890ef906db2a9e68927f3020f3b2fb37af1b410e8d9a975ef56a2f26f928474906ae8ed62a72c2f23da0f3f9dbcf361dd

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

      Filesize

      18KB

      MD5

      e0ada9a0b34e3a1a9084368be5e8f916

      SHA1

      f4a301a63c04b0d65b15a4aebf59e7f1c692378c

      SHA256

      fb1cf00e762c54eeeaf839edbe89b8f37c0b813f9af8e66ff35c098466662c02

      SHA512

      6552036d1403782d6480db51b9cf307e1b5bfacfff487766e5de5a175cb47d7b67463d6a6f92bd4efa3751d5b51c0244f867e8d7c5e268851ac66a73652420ee

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

      Filesize

      72B

      MD5

      ff70d9c41c50e395a47d069a75effa60

      SHA1

      0ef52622de376c32aa69e5ca5d2e4dceeac9164f

      SHA256

      264ecbcd32837238fd43590ccddb39b12884bae1c4e12f4b27db9c4ec44abe63

      SHA512

      15d46083489d50d116a7ccff67251e5b3f3d3b8509aeba46df9fa387c20be3d09f4e48b80d30d40574576549806bb95fc24ed173e33001c7709afd739400f5cf

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58ae9a.TMP

      Filesize

      48B

      MD5

      f6863a0a4d5b57b3cd29ee82a0e458be

      SHA1

      874136d93243ec77eb766239ecc0111716d5041c

      SHA256

      b9ca0044297758fd55a3aaad9472c12eba4008a9b9582e6c0c17d7b473153f34

      SHA512

      31ea26d695a16822da21da4e76e93c92b461569af130db2ae7fbf12a2a21dc9b50cff7b2df25e158f1d9f7b3055e9ba0d0868808665cdae609e07f058ec21545

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

      Filesize

      38B

      MD5

      b77fc97eecd8f7383464171a4edef544

      SHA1

      bbae26d2a7914a3c95dca35f1f6f820d851f6368

      SHA256

      93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68

      SHA512

      68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

      Filesize

      80KB

      MD5

      c83cf19a25171cf85dfca36f7c969066

      SHA1

      7de83e0d0daf74eb0d931781d13499de0cfbfaa6

      SHA256

      e53004a57dc9582dee657370258ba56ce115bc8e62ba2616df980baaf094f5ea

      SHA512

      5eed2678defdac5a5461daa91dd04a0fdee3a43ba4c7c119e9b0fb403e6b1c10e877dba8d403cbbb7247e729dbd014400bb44bb572441c5d1d3c338f88980c29

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

      Filesize

      147KB

      MD5

      5b51e98250bc4b6d72b76aae42999811

      SHA1

      458b9b8301fee6028135a2d6f11aa347ef3fee94

      SHA256

      262ca19baba5df051f0b441637f6863410aae7a5dfa68a986e28939fb6a889a2

      SHA512

      73e43da69b701d05a59606c88ff3e41d6be0780af4899058708b002928bc483e2a091b59f0b64cbdb6196719fe6cedbb85c3c863a4c6603842d8468d9d25e6bb

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

      Filesize

      147KB

      MD5

      c4fbe59032c7aff10cff3fb518cbeb1a

      SHA1

      d6b0e05f5f5393df766b20478aff335602b20715

      SHA256

      0f378c2fb80cfd135c228384d0c18bdcac62a8216bdd3139e3d86fa5fb64f700

      SHA512

      ba2a54eef9d63b21dad82587a0c4dee40d9b8be74b588765f13740825f300711d78762544412ddc8c48d80ef24303f879dab06a0e2b346a52f716b61153510a1

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

      Filesize

      152KB

      MD5

      dd9bf8448d3ddcfd067967f01e8bf6d7

      SHA1

      d7829475b2bd6a3baa8fabfaf39af57c6439b35e

      SHA256

      fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

      SHA512

      65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

    • C:\Users\Admin\AppData\Local\Temp\upd10.tmp

      Filesize

      8.5MB

      MD5

      62c0b4f49b7bcbeb759fb4f227072129

      SHA1

      f6f7cffbddbb4cc50f5647d81e95722f1f4d9cb6

      SHA256

      8f4151291000b80a3f6150c1cc3939f5ee80b022e0fab58d21b5dbeaf179162f

      SHA512

      44cd1698d51aca6337850c5fd02dcacdf528268748178539320f216440daf46b435c4ce82c69befba314011fa45a34b3964438bf0264eb2a59bda869b55d4f4d

    • memory/2644-0-0x0000000077D71000-0x0000000077E91000-memory.dmp

      Filesize

      1.1MB

    • memory/3600-498-0x0000000003A40000-0x0000000003A74000-memory.dmp

      Filesize

      208KB

    • memory/3600-529-0x0000000003A40000-0x0000000003A74000-memory.dmp

      Filesize

      208KB

    • memory/3600-528-0x0000000003A40000-0x0000000003A74000-memory.dmp

      Filesize

      208KB

    • memory/3600-527-0x0000000003A40000-0x0000000003A74000-memory.dmp

      Filesize

      208KB

    • memory/3600-90-0x0000000010000000-0x0000000010021000-memory.dmp

      Filesize

      132KB