Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    03-03-2023 15:30

General

  • Target

    18669b21194b03105d0a9145635a1ce6.exe

  • Size

    1.4MB

  • MD5

    18669b21194b03105d0a9145635a1ce6

  • SHA1

    59d361b172cfb610aeef1e0ab6e2546b40aaf1f4

  • SHA256

    d9d2ad004f71ee5e3dc5f0170b74a961fc5df4e187ea03a11788ed30a1a8230a

  • SHA512

    0dff9b45ddbd0a80e05d3194f645a5f38c165ab904e01eb566a1406823c80c78ba0e39e7e81975299951d482ec31cf7514a3c2afd997b2bc656f6cd846be69d8

  • SSDEEP

    24576:PGU0HpRGUYHKaPUM0Hqy69NgA+iVvRuPpND5TqJ6y5eXt7dRfj5h6SY:OpEUIvU0N9jkpjweXt77L5MF

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and other session data.

  • Drops file in Program Files directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). This signature is commonly associated with ransomware, but nothing else in this run (a browser extension dropped into Program Files, Chrome killed and relaunched) indicates file encryption.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\18669b21194b03105d0a9145635a1ce6.exe
    "C:\Users\Admin\AppData\Local\Temp\18669b21194b03105d0a9145635a1ce6.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im chrome.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4040
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im chrome.exe
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:1908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5112
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c35f9758,0x7ff9c35f9768,0x7ff9c35f9778
        3⤵
        PID:3440
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:2
        3⤵
        PID:1564
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
        3⤵
        PID:4516
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1796 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
        3⤵
        PID:2356
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3192 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:1
        3⤵
        PID:4688
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:1
        3⤵
        PID:1688
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3820 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:1
        3⤵
        PID:4240
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4952 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:1
        3⤵
        PID:5028
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
        3⤵
        PID:3892
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5328 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
        3⤵
        PID:2672
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
        3⤵
        PID:1424
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
        3⤵
        PID:2248
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
        3⤵
        PID:2328
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
        3⤵
        PID:2248
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:8
        3⤵
        PID:2780
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 --field-trial-handle=1852,i,4688389390564338290,15246521591700329718,131072 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3344
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:4216
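The chain above is the part of the tree a detection engineer would key on: an executable running from the user's Temp directory spawns cmd.exe /c taskkill /f /im chrome.exe, then launches chrome.exe itself, and the Downloads list shows an extension directory dropped into C:\Program Files in between. The following is an added example, not part of the sandbox report, that correlates these two steps over process-creation records. The records are constructed for the example from the PIDs and command lines shown above, with an explorer.exe parent and a benign control chain added as assumptions.

```python
import re
from dataclasses import dataclass

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
SHIMS = {"cmd.exe", "taskkill.exe"}
# Locations a user can write to without elevation; an installer that kills and
# relaunches a browser from here is unusual (assumption of the example).
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
TASKKILL = re.compile(r"taskkill(\.exe)?\s+.*?/im\s+(\S+)", re.IGNORECASE)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def ancestors(events, pid):
    """Walk parent links from pid upward, nearest first. Keyed on PID only for
    the example: real telemetry should key on a process GUID, since PIDs are
    reused (the report above records PID 2248 for two chrome.exe instances)."""
    by_pid = {e.pid: e for e in events}
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        yield by_pid[pid]
        pid = by_pid[pid].ppid


def detect_browser_kill_and_relaunch(events):
    """Flag taskkill against a browser whose real originator (past any cmd.exe
    shim) either lives in a user-writable path or relaunches that browser."""
    findings = []
    for e in events:
        if image_name(e.image) != "taskkill.exe":
            continue
        m = TASKKILL.search(e.cmdline)
        if not m or m.group(2).lower() not in BROWSERS:
            continue
        target = m.group(2).lower()
        origin = next((a for a in ancestors(events, e.ppid)
                       if image_name(a.image) not in SHIMS), None)
        if origin is None:
            continue
        relaunched = any(c.ppid == origin.pid and image_name(c.image) == target
                         for c in events)
        in_user_path = bool(USER_WRITABLE.search(origin.image))
        if relaunched or in_user_path:
            findings.append({
                "taskkill_pid": e.pid,
                "target": target,
                "origin_pid": origin.pid,
                "origin_image": origin.image,
                "origin_in_user_writable_path": in_user_path,
                "browser_relaunched_by_origin": relaunched,
            })
    return findings


# Constructed records modelled on the process tree above (PIDs and command lines
# from the report; explorer.exe parent and the benign control are assumptions).
SAMPLE_EVENTS = [
    ProcEvent(3000, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(1376, 3000, r"C:\Users\Admin\AppData\Local\Temp\18669b21194b03105d0a9145635a1ce6.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\18669b21194b03105d0a9145635a1ce6.exe"'),
    ProcEvent(4040, 1376, r"C:\Windows\SysWOW64\cmd.exe", "cmd.exe /c taskkill /f /im chrome.exe"),
    ProcEvent(1908, 4040, r"C:\Windows\SysWOW64\taskkill.exe", "taskkill /f /im chrome.exe"),
    ProcEvent(5112, 1376, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'),
    # Benign control: an operator killing Chrome from an interactive shell.
    ProcEvent(7000, 3000, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(7001, 7000, r"C:\Windows\System32\taskkill.exe", "taskkill /f /im chrome.exe"),
]

if __name__ == "__main__":
    for finding in detect_browser_kill_and_relaunch(SAMPLE_EVENTS):
        print(finding)
```

The benign control chain is not reported because its originator is explorer.exe in C:\Windows and it does not relaunch the browser; the sample's chain trips both conditions. In production the same logic should also check for a file write to a fresh directory under Program Files between the kill and the relaunch, which this tree shows but which needs file-create telemetry rather than process events alone.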

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html
    Filesize 786B
    MD5 9ffe618d587a0685d80e9f8bb7d89d39
    SHA1 8e9cae42c911027aafae56f9b1a16eb8dd7a739c
    SHA256 a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e
    SHA512 a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

  • C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png
    Filesize 6KB
    MD5 362695f3dd9c02c83039898198484188
    SHA1 85dcacc66a106feca7a94a42fc43e08c806a0322
    SHA256 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca
    SHA512 a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f

  • C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js
    Filesize 13KB
    MD5 4ff108e4584780dce15d610c142c3e62
    SHA1 77e4519962e2f6a9fc93342137dbb31c33b76b04
    SHA256 fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a
    SHA512 d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

  • C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
    Filesize 20KB
    MD5 5808438679a312920a780a7dabe84442
    SHA1 aa9947a2bdd00ebe503c5444bdd5cb3938c2f0fc
    SHA256 eb4c53d4c6b9202e02e5c89a8f82b791c0a99e0e648070f500c0b2e2a0227924
    SHA512 cd4cb9c01cb3eac557c5436cdd7a8c454990ce2c724fd973fa8885e38dd221b0bcfb179587c9f1c7ecc414cc94a7a858528f580d1e8af3684f530764fc6074c1

  • C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js
    Filesize 3KB
    MD5 c31f14d9b1b840e4b9c851cbe843fc8f
    SHA1 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4
    SHA256 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54
    SHA512 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa

  • C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js
    Filesize 84KB
    MD5 a09e13ee94d51c524b7e2a728c7d4039
    SHA1 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
    SHA256 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
    SHA512 f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

  • C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js
    Filesize 604B
    MD5 23231681d1c6f85fa32e725d6d63b19b
    SHA1 f69315530b49ac743b0e012652a3a5efaed94f17
    SHA256 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a
    SHA512 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

  • C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js
    Filesize 268B
    MD5 0f26002ee3b4b4440e5949a969ea7503
    SHA1 31fc518828fe4894e8077ec5686dce7b1ed281d7
    SHA256 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d
    SHA512 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

  • C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json
    Filesize 1KB
    MD5 05bfb082915ee2b59a7f32fa3cc79432
    SHA1 c1acd799ae271bcdde50f30082d25af31c1208c3
    SHA256 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1
    SHA512 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 2KB
    MD5 2a84351267d11d034504245817898df0
    SHA1 aa9a5493811b03f2b1b2afdcba11cc866ac0b7f6
    SHA256 a1fb0910f46a11d25cd0e4c0cde0ff8a7501d982b42fc00312149df1026ca5bc
    SHA512 2c0ec928d5d8b31cbf842e067c8a929720a220796d203806f6a6e8560dbfb8762abd7062fc3d43cebaa86aced0ff6599739accb420221df381606b5c3d9aa867

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize 2KB
    MD5 1ea4ca4555e9d222621c64cf9413b47d
    SHA1 c232371b2cfcda6f0afd2ecb5872c7de6d402f36
    SHA256 d0ee830fcb66f58ebb5242e77c660cbb00ef1c448bde0a1ae147c9585bdd4e3b
    SHA512 b4ce4ecf5609ceac058c2e2bf37d4ba57cabbe86fb608f743375c9c46771c5e479ad170b8985d29e7b62a6e011fa4adad4e65c306e85a0bb3a07b4ef896892c8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 874B
    MD5 c5172952680816814eb6d952430b17b6
    SHA1 affaf4e1873f6eef451197857e0ca00cf306b8f1
    SHA256 acf266fefd71e8c9077ff671e63aa62e063ae020915300cbc07587dd089d8550
    SHA512 9f84821e315192b3eac72e108b93a4699eabf78822b48fb9f855755239843f1167b1a171f167a16e34e3c1e6c5ea6313c8e6c6310a82723dcdbf8df4e47fdd75

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 874B
    MD5 477102decebb012b7843a55d186c82e2
    SHA1 e92b514ffd045caf3ce1ab02cbfd09582c68cfdc
    SHA256 a624a6e0ba688fdba191d7ea3f68d2fe5d9802460d5a749c4d00b35f9deed4f3
    SHA512 4a4ccabcf43fb95742d8546139ba07806be4340f4da691e21d13781b3a0da1831e92bb031e0d7d836e003298034093a3e6c93596b69fe57d89d3ff37aed37794

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 874B
    MD5 012fcd374ef751d5b9719b89a7f23605
    SHA1 a41bbeb6151150698ab1e913ac8315234092c7ed
    SHA256 977721a53e402d8040027e84a79fb581962cd74c5c5f2094d145fc88e19656e1
    SHA512 6c53f749e61211bc7303357a6882a18aadfae170e36e62328de5ba0140b9068a8cef1dfb1f126082fc606996c4a90cb57fd2a5f6b16439fee32d5a6babf0c1d9

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize 874B
    MD5 cfaa9827c74a250e475d947bcbf4602d
    SHA1 2fc8fae01198d3a7f0201ed10d6328493fa4bca5
    SHA256 a99fa24dbd03cd26564a0a1b88c92a031e18e1685edb77d4586135dfa738ba3f
    SHA512 95514de2a0647399a96e30a80bfda065facaec3e74d2dc0090e18b399357ce611060ae085c4fe268a2e3801b89bab3ebcc646c69aaa3632324f5b069c340af4c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 6KB
    MD5 d43e68c93c3b557d0cb3250205c6b1c9
    SHA1 e2e51e1522ec96f5b715844d1a006a2639d0e941
    SHA256 3f0687267440bfbcda495e47b897880f2b14ed98d0ab9a8770871d07ffc36c7e
    SHA512 f98dcd4abaa47f7a966b88502ac3a82d0a0b3378e16068490d6d1b0abcf3687f98e62ec47fafbf47e7cbc2c38e1fb9443425e4a22c01551a6b871ea955f44f37

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize 6KB
    MD5 a8d28b843849ba5e0fec1a15a8e61233
    SHA1 6d9184ace2acb8c4b0249a952d5b82bbadf931da
    SHA256 11ed6f455185c7f091923bf73aca0f8f3e41fbb40d87e08a7cef118f55c495a3
    SHA512 10a6d2524b546580f30bd3025a95bb525560f311b11758c1c82b7fa8b5efc3a302a68501eee6726382df2db558aa875fe6b67b191aa478aed7b9a1c165b4917c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize 16KB
    MD5 1cb8a8299921d6e0c6aebf0d6d422bda
    SHA1 84772e39f1361d103801faaeea9ba09a66d0ed2a
    SHA256 6130dcd359cad8069de8f4b0dbfcccc8489af3e4be81cfa1862f6276e4172e33
    SHA512 62069d87faf3568de4efff4512b088b9b9bc35816818d44c205ac95d6142102be664fd3fe929960548c420940c05b68bf238dadd8ac123b6334a2cb378e560f1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize 16KB
    MD5 de1a50c087a4145153b94d9a64525ea9
    SHA1 b31dd207dc145767b8e1b6223dd8ff7cb865ffaf
    SHA256 666ab78a43cb840dae76643598ea96d5c984c4d68b005d323a26c5bbc80ec2f6
    SHA512 36fdc080f52ea2b69d2578dde1187281c6b79c230d8bb81cb5736085ded88f9e739908fe30d13756a6d67b0c0466fbc92114266e40941f42285e4c11ce6fcd07

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 144KB
    MD5 d443c5bfc7844ba414e3770fb082b086
    SHA1 32f9e1b3196518f0730d0fe96c4399b85f51ad8c
    SHA256 ce4442171ec2d778ed6ce08933390aa88c619e914ef683c03e988b1f0ae3d143
    SHA512 923764b2c9b9aa2b8455294878f10fc79068de78ff340570f962bd05e87a7a87c12e44d9db8d8460a3b14726225a912980d96778048e23eda325bcf45a95e834

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 72KB
    MD5 dca3768d1fd90ce7318d7f935a4ec2bf
    SHA1 ee0c332158c3016ef4a9eae837a98dc629a2d191
    SHA256 812a31ab7f96dc3430b7f589b8fc5418df82e3f00b2b6871ac0943e9aaebdf45
    SHA512 39098d0d2d4589f3bf586eebfc229d7ea59399c170a4a1a0819fa34a4f89821169f355118b060ef446dcbe0dec654a12a7e7e2d7b97986655c3f4f0a19c542f1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 144KB
    MD5 31763a4b3ffd76ece11c18bb9e4ed782
    SHA1 8c391e46c7e0882ba191350861ecaae7550ff628
    SHA256 73d022a65085b7f0d7a4ee4cdd3e4a2241d05812bee642f377d86232b8ad9ae9
    SHA512 b9f434d3d67c6d3a27d68181a6965c3550b602c966e32adb0cdc0613f0f908e77699d3704a1e9c2c63050828e790d4c3de9698aef2c77b21d1f6f655cbfb231f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize 143KB
    MD5 f37ef021e8dade91ebcd4d6357bd2fd7
    SHA1 4d49fbb377a3936be1864d5a70e562c34c87acec
    SHA256 b5ff2a0eb109993cc50a048da5448132994d1d346a49d4ca379e4324925c6f9a
    SHA512 4c414d50d12b3882dcb579fcc648c7964b2ed9b350459217763e8bb7c3f0bd50848b7ba09419bcb3f350ccd4c2ed80d3f81e59db9a3ffa0b6d172768c484e62d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
    Filesize 2B
    MD5 99914b932bd37a50b983c5e7c90ae93b
    SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
    SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
    SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

  • \??\pipe\crashpad_5112_LPOIBUTHTMWLGFXD
    MD5 d41d8cd98f00b204e9800998ecf8427e
    SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • memory/1564-167-0x00007FF9E1B70000-0x00007FF9E1B71000-memory.dmp
    Filesize 4KB

  • memory/2672-214-0x00007FF9E1180000-0x00007FF9E1181000-memory.dmp
    Filesize 4KB

  • memory/2672-216-0x00007FF9E1DF0000-0x00007FF9E1DF1000-memory.dmp
    Filesize 4KB

  • memory/3344-338-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB

  • memory/3344-343-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB

  • memory/3344-342-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB

  • memory/3344-345-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB

  • memory/3344-344-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB

  • memory/3344-346-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB

  • memory/3344-348-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB

  • memory/3344-347-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB

  • memory/3344-337-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB

  • memory/3344-336-0x0000028603320000-0x0000028603321000-memory.dmp
    Filesize 4KB
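Not every hash in the list above is worth distributing as an indicator. The crashpad pipe entry carries the digests of empty content, persisted_first_party_sets.json (2 bytes) hashes to the string "{}", the files under Chrome's User Data directory are profile state the browser rewrites on every run (which is why several of them appear with more than one hash), and aes.js, mode-ecb.js, pad-nopadding.js and jquery-3.3.1.min.js are stock CryptoJS and jQuery components. What is specific to this sample is the extension directory nndannfdnoaiphfcbbpgkhodebpoiocf under C:\Program Files (a 32-character a-p name is the Chrome extension ID format) and its own files: manifest.json, background.html, background.js, content.js and icon.png. The following added example, not part of the report, encodes that triage as code; the paths and SHA256 values are taken from the Downloads list above, while the classification sets are the example's own assumptions.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# Chrome extension IDs are 32 characters from a-p (a SHA-256 prefix with hex
# digits mapped onto a-p).
EXT_ID = re.compile(r"^[a-p]{32}$")

# Digests of content that says nothing about the sample. Computed rather than
# hard-coded so the check cannot drift from the value it claims to recognise.
TRIVIAL_SHA256 = {
    hashlib.sha256(b"").hexdigest(): "empty content",
    hashlib.sha256(b"{}").hexdigest(): "empty JSON object",
}

# State files Chrome rewrites under its own profile on every run (assumption).
PROFILE_STATE = {"preferences", "secure preferences", "local state",
                 "network persistent state", "transportsecurity",
                 "persisted_first_party_sets.json"}

# Third-party libraries shipped verbatim: CryptoJS components and jQuery.
STOCK_LIBS = {"aes.js", "mode-ecb.js", "pad-nopadding.js", "jquery-3.3.1.min.js"}


def classify(path, sha256):
    """Return (keep, reason) for one dropped-file entry from the report."""
    if sha256 in TRIVIAL_SHA256:
        return False, TRIVIAL_SHA256[sha256]
    if path.startswith("\\??\\pipe\\") or path.startswith("memory/"):
        return False, "named pipe or memory region, not a file artefact"
    p = PureWindowsPath(path)
    name = p.name.lower()
    if name in PROFILE_STATE and "\\google\\chrome\\user data\\" in path.lower():
        return False, "browser profile state rewritten by Chrome itself"
    if name in STOCK_LIBS:
        return False, "stock library code"
    ext_id = next((part for part in p.parts if EXT_ID.match(part)), None)
    if ext_id and p.parts[:2] == ("C:\\", "Program Files"):
        return True, f"extension {ext_id} dropped outside the browser profile"
    return True, "unclassified drop, review manually"


def useful_indicators(entries):
    """Keep only the (path, sha256) pairs worth sharing, with the reason."""
    kept = []
    for path, sha256 in entries:
        keep, why = classify(path, sha256)
        if keep:
            kept.append((path, sha256, why))
    return kept


# Path and SHA256 pairs copied from the Downloads list above (subset).
EXT = r"C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf"
PROFILE = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data"
REPORT_ENTRIES = [
    (EXT + r"\background.html", "a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e"),
    (EXT + r"\icon.png", "40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca"),
    (EXT + r"\js\aes.js", "fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a"),
    (EXT + r"\js\background.js", "eb4c53d4c6b9202e02e5c89a8f82b791c0a99e0e648070f500c0b2e2a0227924"),
    (EXT + r"\js\content.js", "03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54"),
    (EXT + r"\js\jquery-3.3.1.min.js", "160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef"),
    (EXT + r"\js\mode-ecb.js", "03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a"),
    (EXT + r"\js\pad-nopadding.js", "282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d"),
    (EXT + r"\manifest.json", "04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1"),
    (PROFILE + r"\Default\Preferences", "3f0687267440bfbcda495e47b897880f2b14ed98d0ab9a8770871d07ffc36c7e"),
    (PROFILE + r"\Local State", "ce4442171ec2d778ed6ce08933390aa88c619e914ef683c03e988b1f0ae3d143"),
    (PROFILE + r"\persisted_first_party_sets.json", "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a"),
    (r"\??\pipe\crashpad_5112_LPOIBUTHTMWLGFXD", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
]

if __name__ == "__main__":
    for path, sha256, why in useful_indicators(REPORT_ENTRIES):
        print(f"{sha256}  {path}  ({why})")
```

Running it keeps the five extension-specific files and drops the rest. The extension ID itself (the directory name) and the manifest hash are the strongest file-based indicators here, because the ID is derived from the extension's signing key or install path and will be the same on every host the sample lands on, whereas the Chrome profile hashes differ from machine to machine.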