hxxps://lp8x[.]canksru[.]ru/helloworld[.]hellow@world[.]com

Analysis

max time kernel
67s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lp8x.canksru.ru/[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239778277735565"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4924 chrome.exe
4924 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

4924 chrome.exe
4924 chrome.exe
4924 chrome.exe
4924 chrome.exe
4924 chrome.exe
4924 chrome.exe
4924 chrome.exe
4924 chrome.exe
4924 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe
Token: SeShutdownPrivilege	4924	chrome.exe
Token: SeCreatePagefilePrivilege	4924	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4924 wrote to memory of 2984	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 2984	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 5028	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4044	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4044	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe
PID 4924 wrote to memory of 4972	4924	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://lp8x.canksru.ru/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8052d9758,0x7ff8052d9768,0x7ff8052d9778
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:2
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4636 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5396 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4496 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=832 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4520 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3736 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4660 --field-trial-handle=1788,i,342847689812279931,940041881834129695,131072 /prefetch:1
  2⤵
  PID:3200

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
aa146def33bec9cc88b1098b2a04d261

SHA1
0273e9b66b6b8942e53635e6bda65d88557316f8

SHA256
e14cabdbae2b9455d45fb83a04d7e1c30712b2620d692d246c285d89d722c1e1

SHA512
1526666e0b0b461efaef158bd707a2e0dd723eea494e33e7431b2e200b753e17e8c956bbe7c1ed945f7dadddbb2deb3e00bc19547d05dddec6b38cbbac639b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
316257536d510d9a59213d47534c2a38

SHA1
c0cfa4e38a7e9ed9090ccfff3da73846855e7f8d

SHA256
667b0af5936d162915ae0aad96555213c7a5137f8b2d725e289a9f395482ba95

SHA512
c61805fa339bfe86b6c24d82d08311cea176edb997df28479de9a961511350a1134caa2fceb979e938384c4bb326f3701e910c86570dc26961d723b1b6088a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f7594afffb9627ea0919ec89a3412d8a

SHA1
8e09a9853e2421514de8b7e166d87bafbc4a7b05

SHA256
2fd776f582f1887e98c45eea072f9f1c90acec2f050053b5fd7a968e244b9a2a

SHA512
9cc14f9876491ba7f4f8a0d5c02c54f9f7337ee1822b90acd8f410757dd4269613104ceacfdefa4daed08f2d9377b2f4c694c16de6090ff0475ca9fee3c0c85e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a3688c990e1a61d07b38ddc151ffd21

SHA1
bdd7d18558a89dada981b574b8173c85f03c5ecc

SHA256
acc1897cc8264efd5c17ee17db0e30347858c54310296934250dcc1d63dd7b47

SHA512
1dab2c12e834ce27adac3a11154a8e8a7c3ef4be06bdfc1637599143681d16c1d5b4565b6c774d8d65ecbfa9b7e413301254f2e31d55107e5ac845964183a89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c05cf2473da932c578d57e5f685b9198

SHA1
46cf7a1e46f7f35ecb573ee56192966d1efe5ba8

SHA256
68f6a4de30803151a6dc65e93a13f653a33e3904c2459edce6987318fc68a974

SHA512
392b84eb0b573851a786fba8ca48e7c8d15ff641649b9102cba7a2d4c2eb2b57855de4dd4634b9f7d7c6361a7a7e2f9681c1a16b4bcf61bbcd532ea52ce04243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d4a276ec400988d020db09128db70894

SHA1
7e08b63d497849fb72815b3661e165981cdf5cf4

SHA256
e445fc416aaa8e4eb50bc8504ab37759598792e0a3f0a5b71a2cf15b29588096

SHA512
6edf4f80c2d76a84d76be59adba66c923773b7c551f9f96a73cbf74251d902a07ded16995a5e421ef302d91a236ee813072811d3b49796b3df643dbfbe147087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fcfc5c41869da02f9ac0c4fc8813280c

SHA1
f4f0c3b5c42b140174897c5bbca243e9df57cfa1

SHA256
28185dfb87d9847fcd167129fbe0a067d554bf0546b151c8b53d45338f84fd23

SHA512
1519a029e39230288752cb90175f05a629136e5402656418cf5ab1b4a9088d28698e7a5003903cba0f2f98177bc7638209be796f53be79724e61ed1fdb20c272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
ca84c277e4c5d4ab3a80919ae7088887

SHA1
6fc6c5dcc4bb5a468bf614635dd102500b47946e

SHA256
f04319b6015486031fbfa21e1225a73ed13e58e049bbea97213c473b8abffd3c

SHA512
4e837efc5558b2fb3b868f23eef55c4d8d6895a56fc9caa7005e8b798f3bf2ed4e367d78f03ba61a11289f728e7b87a6999cedae067c3b25834e52478185036e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4924_ZZOAVMJRJCTBZRUE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit