60ee1788cd5312cf87191ee452585f70c746c6b4f5cb2b8cc5e6b246293353a7

Analysis

max time kernel
64s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2023 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Saic ‮‮‮fdp.htm
Size

976KB
MD5

cc5940ccb2c4b901e7d6b1c40b0d8fad
SHA1

817ed24741084a35f2a70c3c56b08e5b9b1a8997
SHA256

60ee1788cd5312cf87191ee452585f70c746c6b4f5cb2b8cc5e6b246293353a7
SHA512

749f21b3f1482c3a33a9fb5d5bdc4088effb2105bffc9e787d756bcde9454befcb14703bef4dbba7784463d194c8aed5316351994360090bdb9c253f825e4eb7
SSDEEP

12288:ryKrQMR2egontbXXD0YPJRuTznnWwl36b5orJYQsIZ:OX

Score

6^/10

microsoft persistence phishing

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238060994761916"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4236 chrome.exe
4236 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4236 chrome.exe
4236 chrome.exe
4236 chrome.exe
4236 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe
Token: SeShutdownPrivilege	4236	chrome.exe
Token: SeCreatePagefilePrivilege	4236	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe
4236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4236 wrote to memory of 5108	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 5108	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 3676	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2576	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2576	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe
PID 4236 wrote to memory of 2816	4236	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\Saic ‮‮‮fdp.htm"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff92fe59758,0x7ff92fe59768,0x7ff92fe59778
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:2
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:8
2⤵
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:8
2⤵
PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:1
2⤵
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:1
2⤵
PID:648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:8
2⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:8
2⤵
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:8
2⤵
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5384 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:1
2⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3788 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:1
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2792 --field-trial-handle=1824,i,10587669541214419664,8381058058909235264,131072 /prefetch:8
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2408

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
2d6ac2d02889a4930ee178673700e334

SHA1
0475280c3a5eb2ffedde3cc62777ca31a8652c28

SHA256
7a65ca1deb16a7d32a4d4bc789c24f14e34cec1ef49218b91a050c0486d74c0d

SHA512
e999d358bf0c83a51b9608f39df13432ef4cfa630ff963d91ada4b262b759993749bc4c5a5304baf1be554e03dd050a60b21c16c38075c4aa8536938bd549a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
0b177a5a91676e48cd83071ab9f0d97d

SHA1
fdb2b0a6033afb74f05013e34aaf8ca4fbc0df95

SHA256
6b7848059f90a1c4303932c0f2427160f18a166a2551c34f9a8b31d6b1c0d834

SHA512
ca74c999a4879cdd78205196453081d84122f5e68bc226405027e5695581460ba994beab7663073e068aab5a1159745c8e585c7f9547bf4fd0b4ca3d5fc3a4c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
db2eda2fdae2acbb07f8426ad400644a

SHA1
6e170a1fc463bc413abc37643a6bfaab4331af9f

SHA256
2620daaa88bc659ef7bb904759a5842d12ed3267569fedd120862113d1eb019f

SHA512
c577395abc122c863ea0cb7605cc8024003d79aa191f3b88a1a519f9ba1ee83c075a1bf760e1e290409b7331f01993b612227be4e79cbabb41e84d061452fc86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
df0b2914e5179e0d5ea4ba88b8165a4e

SHA1
392767bc3b89d5541bee967398003838cbcc5cc0

SHA256
e8fcccf722dff3eb416ceb58d7e5a25fa7a3c382a641f7515530a98989cc99bd

SHA512
dcd7f119dbefe087d7a462165d374d59c8b6ddb5e2469bf57023df46b466d18ebf756f6602b264e3ae7bc7e6c6f196a581d46c06b310f9ce40e2f8d4fb18950d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
f8b91b7c0db69a80f2cc4f0f7d398467

SHA1
1cc3b76264940adaf00517ae51f5cc72f49a08cc

SHA256
92c2601dc05862ec83fc32b2b1e611684d3729158ab816c892548e250b1824c0

SHA512
e75ebff9200236190d39bddaa28bb415839bffa62d5e38098c2e4c298589fb213977a5ee41515d96b7e5b3b7324466e60564366e64bd82329907c14664a042e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3c88b3665b455a8f41a8e69eaf7e772b

SHA1
d7e2ae7d6eaf52222581afcc49fceeee889694b4

SHA256
26cd540964daae51a19d1c47d8b197f9dbc1261bb121a418250a79bea8b4f9cb

SHA512
97a448edd7d4ba49a5d118e61d939a31a5a6db184acd86e6f532773fcf7764beb2ec4d0201e2c3c013c5bec571bcc34c22dbfbc5ae12a08b24be673fb667a3a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0ea535edf595ba290e947bc795105d36

SHA1
a6b81ed53788c088419dbef32aca3e27645869e4

SHA256
bf5e40608b6e79d9ca787b05a8e463661c425158aa8f724e721b7eb16a510071

SHA512
dc262f5fe774c639af88d4f3b075d6052f7b0c7b13f3ea127bef8db05f75ffad1bbd79ce4e0d9470fe1c7a9ca360e1b42566796696276de265a2f067befd45a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
af4167899398156875d78d8ebfdc4945

SHA1
92be7ff419294b0aac3f28be2a50fd6d6112e518

SHA256
b39f432d55aa5eb5354463f670b6f1c5b1e14aeb51fe633495620aabf82df24c

SHA512
9dc580693c7aebb47827daf569a94f89e817cb1aa192d05b433921233d108227dda5ac33151134bbd9a78b60b4d2dfef2297c82e1b8d6238a19ab05dd4180904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
dd39d0565b823b44cc9d85c2c92f2233

SHA1
f25d7eb4207114ff69b5f214dcc582c24b455298

SHA256
32e034555dfea4c44cca0e4f2cdae901aa830e9c7ed26e6447209f221dfe7d7b

SHA512
72360f3904679d066cf166718fa53d7735de968e3ac6c4af0d7f3a6c145db7af658b0b58041bc4c061464b557a78fb825b2a5054e571984cfca72bfe0bf7c9eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
70b0d7a186296328146f65d4cf748337

SHA1
63a58521420f11a63d9b342f5d51d77a6b744a64

SHA256
be54524cfad1fd8ffc555853833fd1211cb40ffe1a011b6913221bb6c435652c

SHA512
43feb3775dc1911af5525a040d37691ec1bde4a524ae0d3229d94ebd2eb42023475f258f2ac5c793c36c2174fa071c7635ddb4bd44bbb4e89cabcd7f54e71601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
bec4da49b71904e8681cd0ec64ae38e4

SHA1
2b68d14e360af99eda0dd8f9c0094b08a0bd41d4

SHA256
238c217721975dc6c6e10fd1385a8b0e3eaf955e0da4cbdeddbf1e57fd7b28ce

SHA512
34bdda31b08798aaeb70090b0936b6a0f054ddf3419122f81ec4951a6dd9bf192c814d9c62e0eec67104a9843c61416418d2b5fff87fe3b018aa7d0916eb2a6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
b0f5f69b4c9c63ea40d27fe2bb31d84d

SHA1
aff46d2ed7e543e03d88e49a80150229f609f340

SHA256
10fa4a62da368720fdb3fb5b6ab6e4d2a61fce70a81ac11ab6f6e0c55d4d7afc

SHA512
2fc073c99c728ec2c98a09a3b1f127736ea525af105a47a81b5e0e6cd445b4d9ca32cf4c803f19e949fbf0116c6992c05690d45820b2070f55479852123d2fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
0044547f932a37158319c2ad4b11f73c

SHA1
827f8bb2b865f254cccad5db3c3fd41b3e337954

SHA256
0b11e3aa866d7329795ba68b8684a94f567dd17e09f5784f2d75b21844259387

SHA512
4083bf4df940b7e49501dfd248985314e130429053da451705466f73ddff1a2dd548cd0390990d51725af34fdd8f2a2bac09990978ec0fb2793a32383c504bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe577b5a.TMP
Filesize
101KB

MD5
c72c6919688a69b7188880024659b639

SHA1
3145472f3acd70f8907863a4637104438dd25b12

SHA256
dd06a04d06a78f1a0b4257736bf8d867c6163210b676bb5b6e4e10dfd5c39312

SHA512
f0563bac22241b3df296451e32453872ae58e4a8d0756829ab356948a3f95c54fb9d3ee130418bf5df133c61607514f05bdd01ca8764ed2285838b95bf65cadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4236_PDYZMILADQERPRCG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit