hxxps://solutions[.]interactiveservices[.]com/demos/chameleon_gold/c3545ae0-db30-11ea-b989-f1b451df30c0/index[.]html

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2023, 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://solutions.interactiveservices.com/demos/chameleon_gold/c3545ae0-db30-11ea-b989-f1b451df30c0/index.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133228382135801949"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1480	chrome.exe
1480	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1480	chrome.exe
1480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: 33	5116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5116	AUDIODG.EXE
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe
Token: SeShutdownPrivilege	1480	chrome.exe
Token: SeCreatePagefilePrivilege	1480	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe
1480	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 2140	1480	chrome.exe	86
PID 1480 wrote to memory of 2140	1480	chrome.exe	86
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 628	1480	chrome.exe	87
PID 1480 wrote to memory of 320	1480	chrome.exe	88
PID 1480 wrote to memory of 320	1480	chrome.exe	88
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89
PID 1480 wrote to memory of 4256	1480	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://solutions.interactiveservices.com/demos/chameleon_gold/c3545ae0-db30-11ea-b989-f1b451df30c0/index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbb7759758,0x7ffbb7759768,0x7ffbb7759778
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:2
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:8
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3228 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=836 --field-trial-handle=1812,i,1322672484199509224,12292143270500354023,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2668

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x4e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5116

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
118KB

MD5
cc662499e651a8d4edaaa9612a286878

SHA1
5ea522b5e67ff7d0d1bca2744d9b42fe707b22f3

SHA256
54d5bbb6ad093eb331e2a48e0ccac00dbf9d2b11e1ea7247e04fbe2bc094c04f

SHA512
4d876a22770c2b6507bb7d62036fc826f86e5348a6e655065ec5980428c63c939537e3bb640b837615f295cc53f50c94f680b5209f36f02e6f51d64f09e0f46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ac69621f3f4d6087f9e485ff5c6cfff2

SHA1
3e44db2840ed919f4a9b786aa324a7bfcd6afaa4

SHA256
5dd7dcd8071d581fdcc7ff1cd40e41e566900d0e43d717ce85b715199c2e0578

SHA512
489b326fd10a7a0ab592922fde31123cfeb935d675757a2df075000de1df11fc6ed9adff1b4573075d57a326a6bbbebea84694cadf07174139ab7d159a01ffe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0b177a5a91676e48cd83071ab9f0d97d

SHA1
fdb2b0a6033afb74f05013e34aaf8ca4fbc0df95

SHA256
6b7848059f90a1c4303932c0f2427160f18a166a2551c34f9a8b31d6b1c0d834

SHA512
ca74c999a4879cdd78205196453081d84122f5e68bc226405027e5695581460ba994beab7663073e068aab5a1159745c8e585c7f9547bf4fd0b4ca3d5fc3a4c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
78fae16188ac96fee88ddab0a7f059ad

SHA1
5630435876a5b3ec38b45fa07030aa22260858a8

SHA256
da3acb28ed005837e49c7ce92633f9705072b3f1556ce1305878024f3f8f3e0b

SHA512
923ff0f0f6d1d1bd026372e49382124ac403446ead8bf636d5a3c03f9a7b1f1cd6b6fa6d256bdaf039081c369b81454ca86a2da68757463f2cc7731b8b13118f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5b0d3c17c732ed503fafdd71f646e07

SHA1
9fafd3ffe6954b55c834d67c97f61b505c4ae571

SHA256
b4b0d137f90ff9d296d2177a89b14c5f89e3d54a55bf35d94d21e22d168ff3f4

SHA512
9e06280831f5641461bfe5b4f85ebf66fccfbeeb225d25529684609ce2e86d8311013f60ab03d60fc985225d7d0078b73c3c696f6fc350fc3a185517bcbc3187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
491dca2357fe87c0114eec084df8be21

SHA1
6224c2c9d00cce33465905a91085b2c99ca43aee

SHA256
c934a6df1f03426d590117d1e36844ee81e75866426a6173ccf58d5716a8ae25

SHA512
f323f30f63538231510c8480fb0445a1912b4efaa22ec4087b53a7a8d92cf7001a3d22c54700bb06c6c5191bd0c5099d91903d3a78e8330be766b513d84a1565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b18a9402fc037ad379a3dd9645e5e7f0

SHA1
c4f345641fdbd9fc54b74d36e5778542f9224c86

SHA256
579d19e01bbfab84a27fbefdb8afc216b6f97b2fa042f652223e7992d674e786

SHA512
a8d4d2c0dd1b56eb0086e57255032272985ea1d407453ec6bb8394cb20b84acac7eb9006a9220fc3ec483ce512019fb4ce6b17f44843063fc014636b2f1e7269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b8572be53b8533e086a3718de020c553

SHA1
48a2aadaf170d9cf1fe480632d8d8171f84350f0

SHA256
e56122a5ede0f8e9e6c03d520a4385c210708fac83f9064b56effa511771c319

SHA512
a975b2619a1f8b243f284baedb1106ca94c32b643587f0419059ce19366b5ba0290330602b80fe5f313d13a32a5a37ca7eb081b10d21ba9373fdcaa44b5b03d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d6e206f679ad32fa169ef6e2190bc673

SHA1
18adcdca887a6f2bb0f79f75ef40960d96f48ef6

SHA256
ad5ab2cf6e1c92dfd19e2daabd3dd976a05e800ec919b5c8581878a4694f97b7

SHA512
58b56d880b3a36f6b41da1edee94bd0467f4ac665576d699c815c5abd238f8fa41980d02d8c2cfb6f115ad425ee154196a1825a887383a68eebf09f160c7ab34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
c5c4d3d65e8c25f012e233102a7911a9

SHA1
1d47190460ac03a5a3c89bbfc783ad0a81976ad2

SHA256
06e9bef91623554bdbc241b35ef55e7e0d4b1fddcd37d7a2ff6ebeee24ee7599

SHA512
0376a7285329ead3d9e2904b2e10fcbf18468b4b5829ab71d00717fe0a47e4ffff5f26a1da07e995f10ef17c1163e35b4b0c1ea0f6dc78513f36f1f4920bd609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/628-136-0x00007FFBD5D10000-0x00007FFBD5D11000-memory.dmp

Filesize
4KB

Download
memory/4084-407-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4084-405-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4084-406-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4084-412-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4084-411-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4084-414-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4084-413-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4084-416-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4084-415-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4084-417-0x0000018BAC5F0000-0x0000018BAC5F1000-memory.dmp

Filesize
4KB

Download
memory/4192-331-0x00007FFBD4020000-0x00007FFBD4021000-memory.dmp

Filesize
4KB

Download
memory/4192-333-0x00007FFBD4870000-0x00007FFBD4871000-memory.dmp

Filesize
4KB

Download