hxxps://lehengafashion[.]in/wp-admin/css/dkr/kr-rd[.]html#jeong-heun[.]kim@hitachienergy[.]com

Analysis

max time kernel
149s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2023 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lehengafashion.in/wp-admin/css/dkr/kr-rd.html#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133236991099013405"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2244 chrome.exe
2244 chrome.exe
2244 chrome.exe
2244 chrome.exe
676 chrome.exe
676 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2244 chrome.exe
2244 chrome.exe
2244 chrome.exe
2244 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2244 wrote to memory of 4316	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 4316	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 184	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 216	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 216	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe
PID 2244 wrote to memory of 2492	2244	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://lehengafashion.in/wp-admin/css/dkr/kr-rd.html#[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9c99758,0x7ffcd9c99768,0x7ffcd9c99778
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:2
2⤵
PID:184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:8
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:8
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3248 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:1
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:1
2⤵
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:1
2⤵
PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3284 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:1
2⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5260 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:8
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:8
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:8
2⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:8
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:8
2⤵
PID:4392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2916 --field-trial-handle=1836,i,2277018017921656028,13999528859000122041,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4584

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
a6fd3eaef613c947be55fcf5bb58d0fe

SHA1
f0cf4245625c6e652054c1c805e790d3fe7d7ba2

SHA256
2289fde774ff4b2d6cd5181dd87535eabb71bb222e1c6ef58cf0a252e4a50ac5

SHA512
0182c31ad600cdbaec9c6e6650df8a4b174502c629dec0bc7165953cef19b7fb72e4c0dd62ed7c07c3bd31de47b1d8afcf45233c4d5773a6b7819167a3278cb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
d337f0bedd313d788d44b7de3d2b6055

SHA1
5a418458b195367d394695466dee44629bac37c6

SHA256
c4d3fbc29b9075e1b602c6bc10e9fbbf994006c3e55dc77dff32cb22db576337

SHA512
01d5b195d524e58420487c1697c2a3d3a63381ca8c7133de0213b2bdfa4e83285b9d714229c9b03bb60550ed24e2799b944d282d5556720cb35bf08203c2b63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
3fb925cfa02eac9c515f8fd01ca7fb0f

SHA1
db7c80ca91f61072af6b6366d11542d2da2e2cc8

SHA256
40fe5f505cf813f9d46e854d1f65c2ce4e5085119ba59a014e645d2a4e1d995f

SHA512
29f37f66653442327e9c6ec06ce0d5b6f00577c70175189644b5b4e75b5aa665ec3364c06eecf5ab4eee4aca566e5266ed6bdc001f238cbc53a6613e9c4c0cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
07ba1aa0c9541d2133941e76b57247c2

SHA1
daa9cbca9ca0b75cdd45246a1975e65ffd64dc08

SHA256
321cfc9c70ac4b3ebe738897f3a0d1bf9217515a26a296c34a121acf4911509c

SHA512
24556111e9aa60ee95602d88538fd5cb3b50d33426b53e57b33267e14f3a41cb327d82049722665aef310d506f157ffa69becaaefbb4c489c6b753d9a0042c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
28a430bee13e1c3f6607cb30f9fc71cf

SHA1
720bb9ad810259e693c8b5097e4924e43bc47953

SHA256
015de8002b4de113f99489fab48306a73b3b8f39e0242e7e7a708c3437e8c7bc

SHA512
e3b1eb72d0e8fbfa05a9521f4c154c1b0a54ea7c1628c9b41bb6d7a971a08263cd5de1e2b2a3073f93ac6419b255c280bec36d263e342b1ebb13230e8d6712fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d0b1e9ea143b4b37dd73e22ede5a42c4

SHA1
5f557a3ed6b6f53b4b9bd8d9bf8d2c9c4ab029d7

SHA256
c9b41fc65f2eb0c0546b768d0730f13b2a9bf853e299b97c5ed2d84ee9e7f990

SHA512
6c7ba71405e9d85e26aa3ec006ab7d16cda09c01c3ce5649382c95a58eaa3169487c04432665cfb07256d5ef1539b80a657e4d0a382f72b637e673ca3897315c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
8eaca5c655188f34b0a59f364fdb32bb

SHA1
5a8e867169e89969759d356b31f3df633e835cdb

SHA256
b6972d39beb74dd41dd6b60c9c04b30f6c56235c7e0f8524683ab646d85283bd

SHA512
23fc7017a047ccb6b20413b345e284526bdabc2a7ab98d527fb237859f605690d2a114279f7408ca7cea3f58646d809a3d6beb15a2d2d1e5c6e70e72a7ec3639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
514f73dbad58ad8d4d3af2ba18812004

SHA1
15adaecbc0a52b999c04eb2ee9fa54de0bd35f80

SHA256
bb44687a829169c7111abba65835edffb403a1b32e04a1a391406a8ad1af0cbd

SHA512
9d4c3785190417cfb35256fb4c3cde97781693bf4663d8d4f18c1b033309d74da2e7816c68d8e8b3742b922f300a6dbf7c2736a9a56ba510bd2366d8fde64e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
86b5563f126350f681aae409d947242c

SHA1
ba73a4500228ed73ede6ae7633b08924a624b352

SHA256
e9b43e148c409c49981be0259de308104fa30076d6cc7158cebcf7e645c7a8b4

SHA512
d0997a718d6160533263ea6b9c9902c68c1f2370d971f0cb38c4c173a565fb0f7a4c104f804fa2e4ad309d3e26fda4fed69041b1ffdb35457c5c0f450fbd89d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
f14b9e6e598629a17c4d94c88778fa06

SHA1
b075767751b6733f47d0d28578bd19df001d36a4

SHA256
3b6478089fcbd2a38ab404070a3fb9783ad968b63d24240c8953e4b2533be382

SHA512
834014fdc2a20c6574c91a0f5a3e52e7769fc406df230ae7bee2fe7a3b3e8da3059bed115433120be52ed3912aadf889b0e0e853cf6907121736d2a2c3f5da15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
d99ef95acd64709a6004df2b67c77680

SHA1
925ec5d9e3e7c87ba8aced6d4d1bd3755ae5958f

SHA256
e8adb59a49e1254f7932a37e3fd1ac1f67acf3b34a8ad4c40efdd71d8a840c40

SHA512
7b465556800b2255f2f4d5a0d57c1a065fa69db2d6467211ead3b3cf0941cf126374f3f243028bc6c976ce17c69933367fdf45d100a0a20878317a163a651770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2244_CFTESPRMXRLFTXUX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit