hxxps://nmkcontabilidade[.]com[.]br/open/hshhghg/ZXJpYy5qLnBhbGFjaW9zQHNhaWMuY29t

Analysis

max time kernel
63s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nmkcontabilidade.com.br/open/hshhghg/ZXJpYy5qLnBhbGFjaW9zQHNhaWMuY29t

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239064586004647"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

720 chrome.exe
720 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

720 chrome.exe
720 chrome.exe
720 chrome.exe
720 chrome.exe
720 chrome.exe
720 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe
Token: SeShutdownPrivilege	720	chrome.exe
Token: SeCreatePagefilePrivilege	720	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

Processes:

chrome.exe

pid	process
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe
720	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 720 wrote to memory of 4720	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 4720	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 1268	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 2264	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 2264	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe
PID 720 wrote to memory of 3712	720	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://nmkcontabilidade.com.br/open/hshhghg/ZXJpYy5qLnBhbGFjaW9zQHNhaWMuY29t
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd48ab9758,0x7ffd48ab9768,0x7ffd48ab9778
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:2
2⤵
PID:1268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:8
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:8
2⤵
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:1
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:1
2⤵
PID:504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:1
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4944 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:1
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3952 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:1
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:8
2⤵
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:8
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5512 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:8
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4872 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:1
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1736 --field-trial-handle=1812,i,3163882748998891633,36448444551453899,131072 /prefetch:8
2⤵
PID:5060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4480

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
fb058e63e06a606f1e9dcd85284d6591

SHA1
6106158bf28d26fa8dea571958d5bab3352ac95a

SHA256
1126fcda118b3aaf985f594181518820440d3ab43f4e3ea44880280833864433

SHA512
41cb400588dd5298a702f6b7e9af74c64d544eed8f15eeb2f7019a9a4876dc73bd46f9c8e5c83f634b6ca39e837c6e9f839433e757845c4b2f1094590d36edd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
01fb5c68442beba740fef92c68e25636

SHA1
82d5e82586c1c28ce7ae96415d458ed26178b649

SHA256
7e2c9c819bcbb49e66dd8b28f3aed1806725ef5c4611566cc4fe6c07e9699548

SHA512
0c3e2da4419b3ba00c2b182d10268a3b33a65c0ac272fc663ba1f2536ddd936d688c435af9a3efc712a49583ade5dd47b745c70ebebfb77c17f610e9618ad359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6de7b5549d1c600b7366b6e1b649fffe

SHA1
dbf02a42a9c75145a19b007551a7cf953f6eb07b

SHA256
c7db0dde7b8510e2ead7fee962984bf6bd3679d868217a26e3054778bbb4b058

SHA512
4833f648b7c385b00843203f13b8cb0744e69dd483c3cabf3137390f7e5b66b9e73dc3872556366a12d8554cb53ce4e16657dfbba7f467d2f9691d504cb6c6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1a30c90fbae12e0d304a204017ae512e

SHA1
61c6f3e895cd7a4f0b7783d14ad5377544ce43df

SHA256
9669c8100a4b58ef90cbee10f7f9e13eb5413c8d5c90b763feae1ffa56d1906f

SHA512
849f1a8cc153a137a448be6244bdfda4c0bb7231dd8ac6119c9fe5eb781780298510113f0889d8c91e6c6b74c69c08dbbfe685d6bf808ed80771a66af27dd1d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
de8b9e62471ff569df3d1cb67744b037

SHA1
113d136fe11cf34b2269a7b1bc8f7bbf58609a74

SHA256
4b7081a461f9fe353b1804e0a81bb8264f6e3058e8401a0900448f4479cf98f7

SHA512
75550e5e6dc704c3fdef830a0a50f515d8c19e4d83728138fd4b8ad59c2252a68a7559544a709410444a00a59909465dd396ff1fed6a49344cbb63dd5e116dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
d3e756c43b79e69b781f76e9d6e93d51

SHA1
df3996ae40d8ad3e1efa79a174ac8a35042ba230

SHA256
1f3b7313da0fe588c1dce90c04dc5d3f789df4247023a21e6df1b68086b8ed17

SHA512
2b0de2f67e2b5a261049773b6eb4b1b796298193ff44db1e324aff94d4045783899bb3f79c78cb78af4e557d76264ccd1a3de5c2a9d054f77abd9cfd8a578a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
a8f484dcd588503cd8ba467cc2d6b5a2

SHA1
3004b7bf177c6ddb9c9ddcee683c476e2f137209

SHA256
c124a261842b43e520e007f1cb7041ddece8dbb0e9c84613914df6ed2ac54a09

SHA512
55ed18640efb6d3acf104fb264b6705037d5bbafa6eabeca6ab89a3f665f4ef9e3c16c7b125520e75d452ae571370f3a214c54d0aaf2e50ff84f96e07e388adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
90483dc633f22fe5705cddefad51fb8f

SHA1
4183747fb594d34dd8dc2f6e5dc2b31e3f7ad30b

SHA256
68088457e2cc82a38f2fb91da93244223b73719a4289a362fa6efc3162c74508

SHA512
0e2b9f7c09bf2654053b63b41e4302d75694682fc4272b0af1e338dbb93c8ea05708518d339f29df434a424149e69e9399b38e214f591e61f86bd6bb30e334ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
c5642f4a7a503616367a0a5d098805a7

SHA1
5f5011e4d5d7bba4827ce081fcc91e7fe24ec351

SHA256
dca53fba3a1e63d2b9f4c77c4ad141932d7f9bce20d05a06b8b1923da16c10da

SHA512
65f97bf1b8aed892a10fc9efc1d7b8df076aedf34caa87baf568b1a4e6792a818164320b9377ba6f2fe1c3f565493f451f5c9737b5408657cc27d09d90aeb20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
2be35c06a30530dd9f2aa42bfde3b7c9

SHA1
f994d45ad18f1e74bfc34260581a516e316c2719

SHA256
5d8359ad922f62243d262b5a8572c17885233a237e63a998bbd64ac1a361392d

SHA512
ab1c07f8d8b2f3d84f7392f9cf237aa16833d61bac5dedbef2355f89c07b98b67b72445450128b773a747b14bcc638e73c1a6d4f50c4eb5668b2963632c3b494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe573f0c.TMP
Filesize
103KB

MD5
251c20895890793e30de0708e706f687

SHA1
b4ef22350091f62bfd31373ff57b7be03dcfe4a7

SHA256
850713cdbdbff3018acb8fed3632df9f3e021d791b2f687bb8a89ebfd6d35d94

SHA512
a6a5aa3031bc92b117215f53a9dffc4ce07907b78566b41ef21e06468b349ca654a83ba028f01c030d8287fbb62e0bd21bfbeb2b4b660aeb0125bfc915a4a245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_720_DKVCBMYVOFQGNQHX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit