hxxps://flawa-iq[.]us19[.]list-manage[.]com/track/click?u=5d11072fec05f8893e30a2410&id=0392ab233d&e=2b3cae70f5

Analysis

max time kernel
80s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2023, 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://flawa-iq.us19.list-manage.com/track/click?u=5d11072fec05f8893e30a2410&id=0392ab233d&e=2b3cae70f5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133225914185576026"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1580	chrome.exe
1580	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe
Token: SeShutdownPrivilege	1580	chrome.exe
Token: SeCreatePagefilePrivilege	1580	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe
1580	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 2416	1580	chrome.exe	86
PID 1580 wrote to memory of 2416	1580	chrome.exe	86
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 2164	1580	chrome.exe	87
PID 1580 wrote to memory of 972	1580	chrome.exe	88
PID 1580 wrote to memory of 972	1580	chrome.exe	88
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89
PID 1580 wrote to memory of 116	1580	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://flawa-iq.us19.list-manage.com/track/click?u=5d11072fec05f8893e30a2410&id=0392ab233d&e=2b3cae70f5
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcaab9758,0x7ffbcaab9768,0x7ffbcaab9778
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:2
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1268 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3460 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2712 --field-trial-handle=1828,i,5280121553408609331,9151845436527769542,131072 /prefetch:1
  2⤵
  PID:1180

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
160KB

MD5
7f27adb1216e4ddb02884fd68a1ec297

SHA1
a33a85dfc58ca995fa184035b8fdb896866c361f

SHA256
aeea36b977f073b902c2c5536b21f43e931fc2ac5ba3601db228e686457e9bc8

SHA512
c1327064f05a62fe28f99830a33ad72b36f9345bb1c7de779461febfae5eea985aaf4a67f069f0e2cfec74b72b3f2d61822a4ff6689ff909c0b9d13ece5ba724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4337cd0e1f651dc8b4bd21d0ce07f0f6

SHA1
acc193c1ab6ab7fdf23e802ec0fd70a389acc682

SHA256
be062e1b52f928c732b4fc70047d8c9e8c8dae0b32fd6dc11a12cd83259373cd

SHA512
bb45c6b4e32ecf9daa908e30c41a4b08ce7a7effe36b2bb9cba8bb16b9f9e5b9748923ae21f427e3abd4ed0992d2a2a4111f93a4ec24199ecf6cf68c29eb2e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
56f390a3979efb088a0ab25095f6bba8

SHA1
41960b4d3aeeb3531e1c1b9ef488b566ec57ceb7

SHA256
2cd2d043dff2a3d98588a5eb980d252185e1ac6da339017ea77cb3a81ff10806

SHA512
1998d3a9d2a9fa4f89bffc7dc9ae73326d151c0c9dc66852c2b1c414e334b6528a391577396e47b4a4da94da9c630e7ce1c58890f6dc10c38e5d799b78272fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f12f7b2ff9a98696904b04db585c42d4

SHA1
bebf380adef74c9ac62c6881f4ae03ace7660ed6

SHA256
f1e66ed4078aae243ddfb9173b2800f58023d1ecf61ec56594fb9d73a08fe9d6

SHA512
2d21e2f13f37116b117ee66c16305c88fa80c75b13bea4ce3580081cfbc509e75a07df2ff3b324fdb562289e042a11b3be11b0263fc77eeaf844f3d23cafb738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e170c3b0a7c92561da2f9a8c4e39a3f

SHA1
37e4a012064dd8603c612a4593176af6d2706266

SHA256
f74da9c8c277ed54d85acf65664979f2d7ae87653e0e2b54d9b928edff076d5d

SHA512
6eafb6c6ad366a2bc361626b9138a7904cb46dd7abd3a698bc988f9eabbda1a032905d6d317543fbbb2521f7b10dbbbda490c595b77ef7216623d801ee76dd14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9ba96ead33c902be62ebcdbbaecb9091

SHA1
5e46232f1554335a4d35014005676782db66bec4

SHA256
2c62cafec7bdccbff9856ae788cf714ea72a800cfa40616c4939efc9c74ef186

SHA512
e84ccb2111e7b10d65b1b5446ec64af3f0362cee7c13be92616150241959fbb5e671388057de35083972b6c96912a1d20aba21ddb278c1e0da81f5130f6ec09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8ee299beb54099af6587cdd75933adf

SHA1
d75a1249cdec5057e6d757eae88feccaab3d03a6

SHA256
60221b1f98a86a44370df58401c71135f1c0e9852c584a22461985556738619f

SHA512
b2082f854ceed72eea6022e66c12601d71a44dad4d890f0bfc14e8c195aba2df6de7bc27d100719217ff6a498f900705f9cc1ed3457fb76ee403a6a7b68bd415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
40adadf79b967a562a0b7c3118629dfb

SHA1
8ca81a297c90e9642ff38bad7670f62179ed6928

SHA256
173559410224ac99c7d8883dbe78d8b8f7ea99ebd159be0cb8b0631f0408a376

SHA512
6c2e26f04adcd43c8d99a06f2689e8393f488befbdfb0d5b3d8c4d0b65a6b01804ece862eed321e8fb7abb730f7838d9bb74b3a2db171b79d3efe9565a9351d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
22137c921dca863c4808d191e4c651a3

SHA1
7665f7613c8a6d463a9a11646bd71701d24f908c

SHA256
4a4cc953398729ac3d99b9c95b6324142810b6451a8a81fb1a96336b17395f2f

SHA512
9a02427bba1c5fbeaa0d635999da083578d090e52b7379b6106eea34ffa513aeb315d23d55153d2050cc21680ef31c6949b518814187c2e66a6791cbb72548a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
e693fd68360c5e65e6865449836bbec5

SHA1
8abdc37e18bb1c427363b4083046a9efc04f56d9

SHA256
1f3e11ebc4e5f2cc0bfd927f67a483bae3f375da4dbe9401023dcd396e8a2620

SHA512
7777481db56448e92abe8a7ab025fd5c9977a5c6f3978dcb56ff6a5562229e5e383dedfd0ca377d3fd47dc651352415023709d8a8c85fc85f08bc4078006bbcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
c9520bc811670490f3808e5f35201755

SHA1
7fc7d2e8382d5d8ca6d05dee9e5c955c2eee405e

SHA256
19e40232eea41797c51639e6eb697c4b5dc08aee69fd7b4839628677243e8916

SHA512
9a0a327cfc438ae6b10eea0539121301e8e5670e9babaf4e6f683d047ee003da8fc85131153f1477c6b4e92eb4b603dbd0d6b1b1c6c5a5d1035ffde70473dd5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5771f4.TMP

Filesize
101KB

MD5
e53da7c757cd63c8226919aac2d9a16f

SHA1
73ed9e8e37538c0bbed80322187fb463d0f21949

SHA256
119436bc4c4c9cedc16cc55e721c3343f34c6219d58d432154a7d121f70bc53c

SHA512
48a731392ace9df672242c19c9c469c806b63c022903c5432e472aab933ee85adc72544543d58422db85c7b28ed9d1a947775b3fd8ad0b9adda830ae6a0ad4b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1544-244-0x00007FFBE7480000-0x00007FFBE7481000-memory.dmp

Filesize
4KB

Download
memory/1544-243-0x00007FFBE79F0000-0x00007FFBE79F1000-memory.dmp

Filesize
4KB

Download
memory/2164-137-0x00007FFBE6FB0000-0x00007FFBE6FB1000-memory.dmp

Filesize
4KB

Download