hxxp://google[.]com/#cHJhbmF5Lm1hdHVydUBpbnZlc2NvLmNvbQ==

Analysis

max time kernel
600s
max time network
511s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com/#cHJhbmF5Lm1hdHVydUBpbnZlc2NvLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240653930780562"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2000 chrome.exe
2000 chrome.exe
620 chrome.exe
620 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2000 chrome.exe
2000 chrome.exe
2000 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe
Token: SeShutdownPrivilege	2000	chrome.exe
Token: SeCreatePagefilePrivilege	2000	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe
2000	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2000 wrote to memory of 4880	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 4880	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 228	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 3884	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 3884	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe
PID 2000 wrote to memory of 1832	2000	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://google.com/#cHJhbmF5Lm1hdHVydUBpbnZlc2NvLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb3349758,0x7ffcb3349768,0x7ffcb3349778
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:2
2⤵
PID:228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:8
2⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:8
2⤵
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:1
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:1
2⤵
PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:1
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:8
2⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:8
2⤵
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:8
2⤵
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3760 --field-trial-handle=1792,i,15583295336648607575,5900161866811869936,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2612

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
3ddc9c6c4539141d7f94e0058ecba27a

SHA1
e14fad25972d16de2b23cf779e4fa6b0e8463425

SHA256
abc653e2fa8c02fc8cb9ee4f9f329c5deb49865c6cc2b6a7376a4e12ef9d06ab

SHA512
6fabccf637b7f6b5be1b8464e056fba1e9257a5288aa241399a5f991bfa6a4e0d7e50163cebc7b5b155be048d13c93a0d056e69e4cdb3bf8e8d4a88b7e07a2f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
e4918106b73d30148ceaeb48eb752e9e

SHA1
5bb91a9ff4dbf554b6c36b6caf38734f5b1c60b2

SHA256
cb00f2a301158095891b3b3ab9e559d60967bce8fbb57c5fd73d366c70a318cc

SHA512
a987daf1a8e4eb9c44261b207c0ae597bc023040f2ced280724f4389cc8e48d9045485c6f0698da6ebfea08890a515b553a97da5ce9ef233ef5e5f1311987d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
b52f4ab3cb6e3729e8d06b18c43ae852

SHA1
44a4122e6c7fc6f1b4d99b823fe6e3628cd716a1

SHA256
6c53b786586849ddf13864cedef0c945d7495265c5b29388af50f99e9ecf6a8a

SHA512
5800bde52db726348007eaa97272603644265b74adb99d34774e6bf65e1c5ec796fe9178a3b731107da1c070145d0c134e40eae130c635dcd1fc0caa5c22e9f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
6e4f46012a4b0d433f3342031eb96bf1

SHA1
d33647300f681c4b6fab71a415d387f9928dcfba

SHA256
32697ee2f12a06057b2177e8c1921cd2885c54332f9e29712c6bbde1582caad9

SHA512
55026b9432303afa4386a69b76a2c203b8970ba6fa70d1f93b0111064f99628781d99b31cbcd539d96d038673348208907414bcd7f438e9632a7cd0b4184f7ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
5da840bb1f00a8404c47572569b70fa1

SHA1
d1a536a9564c9f5283833107d0cbf31ceec0b668

SHA256
cb0a90c685527c3995dac220c985e5688f52a819554196fc48a18c3a7eae4ec5

SHA512
d8cfe58f3da5bc51dff221b31a1ea9e2077bca082d574aa63523d9cb87bd3f7553041c078974c3be6fc4844df6a90923208cc3942505315fc51e6a69b388cfb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
66a4853966852a6c567b1d75fd66ee2e

SHA1
35416547307a1fdc433a2792686968abcfa5f839

SHA256
3ddff7ad601a35a73d0152cac522b6e872f010a14df6eda8c5bbf5a70bc072b2

SHA512
63d16e99e09698eb51a0b5444a826f03c64542e141922281a28cecb3b404375c8a635252cde827effdb366780a447010544f79f211c9e4f8e74ad3a97520d970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
dcd38b9d0adc4e86474828350a3a795b

SHA1
bb5e49b8b01690da50017b0a7e01c1a8fc28babb

SHA256
ddd1a4ff7423b5a5ac2bf60ce09e43579faf1349fd10388ec1f61a24e5b69a11

SHA512
5188b82a0cf7208077b61cf99b4eab77e84756d523bab737647f42fac25cda54f3e70bb91390d8350520bf3bff10e85a9040160ab427e7d5836afdb90d472cce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
7afa1e21e8e0af55d8a96a628e8a7496

SHA1
7cb6455bfa7cb8beb4af0270ec61b759afef2b25

SHA256
c2fe15edddbd6129f6771acd23afacd6fda16d1e3125164e014bd16f3c58a175

SHA512
c77e96540c48d2f5502ee5fd60cfb59f8544aefa29b684cdb37e944e11f01fca0572293a64b074b6bcace35f21600edceeb8c82e1be04d57c6154c1d5aed36cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2000_XUGRSTRDMUZDVWZY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit