hxxp://www[.]google[.]com/complete/search?client=help&hl=en&gs_rn=55&gs_ri=help&requiredfields=productId[:]410864&ds=help&cp=6&gs_id=o&q=disbal&callback=google[.]sbox[.]p50&gs_gbg=DAuIs84QAyYjFKB39"

Resubmissions

08-03-2023 16:05

230308-tjvr5abd55 1

08-03-2023 15:43

230308-s59yhahh51 1

Analysis

max time kernel
150s
max time network
141s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
08-03-2023 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.google.com/complete/search?client=help&hl=en&gs_rn=55&gs_ri=help&requiredfields=productId:410864&ds=help&cp=6&gs_id=o&q=disbal&callback=google.sbox.p50&gs_gbg=DAuIs84QAyYjFKB39"

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133227638435796081"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2116	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
2664	chrome.exe
2664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe
Token: SeShutdownPrivilege	2160	chrome.exe
Token: SeCreatePagefilePrivilege	2160	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe
2160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2292	2160	chrome.exe	66
PID 2160 wrote to memory of 2292	2160	chrome.exe	66
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 1408	2160	chrome.exe	68
PID 2160 wrote to memory of 2168	2160	chrome.exe	69
PID 2160 wrote to memory of 2168	2160	chrome.exe	69
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70
PID 2160 wrote to memory of 3540	2160	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.google.com/complete/search?client=help&hl=en&gs_rn=55&gs_ri=help&requiredfields=productId:410864&ds=help&cp=6&gs_id=o&q=disbal&callback=google.sbox.p50&gs_gbg=DAuIs84QAyYjFKB39"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff845919758,0x7ff845919768,0x7ff845919778
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:2
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2660 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2668 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\f.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:8
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1620 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 --field-trial-handle=1752,i,16318216899268986898,8452813783974691130,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:3488

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
75467e5c7669f8f7d474fa5ab59aa86e

SHA1
507db365a293c4b59b6e25a0065a876684611d10

SHA256
a8cad24a43155b13c8689a02f52f68157be2ce806146c226f039bbe0122db41f

SHA512
a9455eddf693ab1bb437d9ab3aefbad61f85426cc3a95ff8b6a5a2851944922b467b4b9bf6c17f86350111a6d6de937624975b60bb8a236d74715d1382888faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d98accbd5202aa5c12f4e601673b4c5f

SHA1
ec30234a221ef754003d9f311121338236f07999

SHA256
711ac035c7322bf032cb46cea6c8c8a990bb21e4381406154121c87d2ae4f13e

SHA512
6dd2812de4cb5dc23c6dcaa04777408d10ca43f8a8bfa413fdb4659ca4cfc1eeb5f720b760cf0ed8cb719606f6b849541b18e265f092aaae7438f69bf8d6fd9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ca3caed7da016482afced3189ba23437

SHA1
1a305edbd9c650245a40b6e2b3f3307fc9e0739e

SHA256
8bba36e468e5bd6eeffeab338ecc1839533abbadb77ccc091dbf9423015bcda4

SHA512
d0a002b9ec3d1f83e3a05e2ffea82b9957c1ac64e6dd99350ba375f55efbccd7007327f6d9c69937e593bd74ca3f6fc0c1ffd92bce8f5192cd9c669c19782589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
aa824c4616bb2816874e173402e59d3c

SHA1
d5ee938ec06220334727630638d2b4c2816e00bb

SHA256
2f719529bac893f77d66c07dc83deae29a62059dcfa9a188bc41a03a46f620d5

SHA512
69e6c133be2b75aa0fd6ec2b995640e3c6736fdc403ed3336f61ef2040649fd1360ce78e6da9c40bca976100e6a127da812a56a0388cc7c2c1afe23545d8e4e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
2db7a1043dad833f52481e2aca6428a4

SHA1
c02270e4b530afd83fab4f4ba8b75703fb25e37e

SHA256
bf1b58fb131631b8d734c8e51fee76b3a677fe51eca9fc452ca7348812aed10b

SHA512
bd4f738aabc7b1f3ae663900302258fd47ddddf28d7bf87f813824e8ad1c0d2b76569344808e97c21a447a80a907ea493dc691bf90c3bdbc04a1787b4d0e266a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
3d9d9604fb21de389fe11ac790781443

SHA1
30c5372b3a7a9b009821f82b23dd1f5c5b664698

SHA256
4a5afd2e42cbaa51ab45f03c9724913acdb2ead429e85efc303445c37abc5253

SHA512
6bbacc5c0602b806aeb0ba81a37784795a1fa31bd59bfd6b1e1948021877b163fb3240408c1c7cb7787ba843ee87bf19a907f7e3d3363759df650a7803ccae12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
a99038bfde67deba089619f010f45cec

SHA1
9e8e64e32335ca0489007d847bd20528f037fcfa

SHA256
33cc1cdc4ed2cdd58ab220fd6dc81045be4fc38d53a44e2683180a60dcad91ae

SHA512
b98d9c4122a26f20a9fd3acf429276f832b0da9e21dfbac34e109a8a0e30e8ac5028c34b65ec37b0c55bf18ceab3f38e778d401bfeadf79673d8c1f5d6a623e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57735b.TMP

Filesize
100KB

MD5
70408467b33bf4bff8e4a3f284b29ddd

SHA1
f098bcb7309b511b1a77703c3bce92e454fca712

SHA256
09d73aadb6f4318055e83e68f0c8b82b09cb498a8bb1b1e4a1680fb5c3f1c64e

SHA512
f8d0f9646efe87e82f0f85fde2d6f32ff41a50b3fb31e3a0f3bd0766f60f0682c5b97cdd5fe7735229b474019e7594732bb6413b294aaade1ab50580a743532d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\f.txt

Filesize
93B

MD5
92da51ab8a4c9f990e0e604c48063d30

SHA1
7d0ecd5f67aa870d00c5843402f2bd5c8259e6a8

SHA256
816c04e8acc8eefec1b977c877f9ea9cf510adc5a94cc8faddc6b4cc1c24a4c2

SHA512
7458683d1adcc399e3799be924f9bfa180fe0c54386a3209bf71a47d1df0ae4f140f4887f53db287b148118fa53d01b40c34f5bda106df1a98d1d759043efa8e

Download Submit
C:\Users\Admin\Downloads\f.txt

Filesize
93B

MD5
92da51ab8a4c9f990e0e604c48063d30

SHA1
7d0ecd5f67aa870d00c5843402f2bd5c8259e6a8

SHA256
816c04e8acc8eefec1b977c877f9ea9cf510adc5a94cc8faddc6b4cc1c24a4c2

SHA512
7458683d1adcc399e3799be924f9bfa180fe0c54386a3209bf71a47d1df0ae4f140f4887f53db287b148118fa53d01b40c34f5bda106df1a98d1d759043efa8e

Download Submit
memory/1408-130-0x00007FF84CA40000-0x00007FF84CA41000-memory.dmp

Filesize
4KB

Download