hxxps://bit[.]ly/3JIl9dW

Analysis

max time kernel
63s
max time network
65s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
25-03-2023 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/3JIl9dW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133242523264695177"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2408 chrome.exe
2408 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2408 chrome.exe
2408 chrome.exe
2408 chrome.exe
2408 chrome.exe
2408 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2408 wrote to memory of 2516	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 2516	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4292	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4184	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4184	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe
PID 2408 wrote to memory of 4228	2408	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bit.ly/3JIl9dW
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff824059758,0x7ff824059768,0x7ff824059778
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:2
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:8
2⤵
PID:4184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:8
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:1
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:1
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:1
2⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4524 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:1
2⤵
PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:8
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:8
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=776 --field-trial-handle=1744,i,5730817569983976902,13225974061816965933,131072 /prefetch:1
2⤵
PID:3456

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4108

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
01a34a7a7a554ae9c21d8dbf41996a65

SHA1
a528549c66b19802777bf0d6e414cd471ea704cb

SHA256
42c8214e90cc6be51c63f8b9e0f0633136bcea4920b0bfc178859b29443cc752

SHA512
8ff77296f2cb3aa806f4f0bbc8f830bac1808da6b14a355beca0a15a01c283d1f8a7b0f7d727cc79f430cd5b5e58d3e4c88a957afc8a478def8b4c52e7ee403b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
a5580d6a88f44cf09f5c56a58b7a5e11

SHA1
3977f99463391e61388de7472c3ed3e033aa9b2e

SHA256
c4ece3dff5235c43623bf8948d317e5eac5653763e279b11943835b89336ae58

SHA512
267f98aa34e124fb01fde5594353da237138409fff8905e8f68d3a616f44443b95b1573f6964d56c2d0126ab4bb020002b8403f2198fa65c886a7b900c65ac9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
b93ce45a75f0b91aaeffaacfb8be6cfb

SHA1
c65f4a577b8adeecf86c0d0d98481f4f05316cf0

SHA256
5996e6b23ad49a68b899f1d373e7641322a2d340b26e3098a2e7d8a247e291d1

SHA512
e956dada294a25f869304ed0b8405073420f42b3a36e0f8ec3526ff6214cefc2e149644bab16f582f5e1efc9f398463faa2b06bc5bd9fd349bcb4a53f660ca0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
9aa546e08d1d1a0dd9d081911ced8c0a

SHA1
c65e515b43f96fe15245b0fc76488c8b0bac224f

SHA256
bb4722276e990f9d77ef8bac93b0be6ecdd081241f6e4c4308d7d6dac4e30afc

SHA512
2f6bc5d67901a8771ddabae6a3e887f40cc24a763bb164132c8bb2443e0293e1d31cce79624bf9248663db0e54ee66bc440d7685f0b6b41c210aa69619f2926e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
f6d6a618e84e6442a9200f06d1b0ff72

SHA1
21c806dd0e00b29984c8aac7b5d02ff3a62d73a8

SHA256
25037f65ed1b6043c2fe4a259bad1b7f6da5f4ee2ddb9056c5c74cf824f706ea

SHA512
5abd7cd5c87047517277cc24c2425b553150eea8a9a5fe754699ce9df40e7fd50b322dab787c2f94daef2f2eb6dd89dd729a23f40e33edafca54b96928fe0bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8f2bb312880f03dc7cc0e70bcef9199c

SHA1
697951f1cfb994104f57a906b34a7951d1451e30

SHA256
372ee4d5e6acb5f3319e4dfab3f775de5367ba2406f34f8f1497a00625e4a7ac

SHA512
3f69656964bd8230616f578c69a839beaabe10952ac6352d74d4719de73e86de2cf0e9983b5548b60f0b3bd5bf22ed6d1e7861dd01c9d1323b7e2df562c46d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6cec6fb484a48b201a0150a9ba732b84

SHA1
05bb6685f445487fe4adae361640e422dd1b99b8

SHA256
e4dddcd5b88a1fb39fcda32239344e86ab05448664ce862469749092f2f94525

SHA512
8cf594be56b40884b3e86be6c9cee84d193726857efe72d017cc49b3dbe0e25b0f414807aa4252199ec3a75e336d88eddd0a9b960eb016d5a91d341ea30eb94a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
56256aa1aba44914a5e6a13e3e397632

SHA1
43d2ba2fa125a0db211f4ecc3050ccc9c3da92fe

SHA256
920d3518a14b146c1d3d0084b53f8be54d39774e110f3e0e7c08abaa5aafa320

SHA512
d86a5e6a855413260e9a3829a3bb6eaf622f9fa63d1c2347bbfee87dbd69c77f3513735af768c6d73435bda59df37e1cf511341bf99e585e478c28fa866e4e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b34194826ab9bea60de973537aa517c9

SHA1
f2deaf990249cd0319e935c2788d839cdd472151

SHA256
fd5a545180afe42688cd26b2c8dd188b3fa7d60aa59adadbfdb956ae3c4ae35c

SHA512
88e8d7fb523d94c19b40e2535354a789052b056a43a307dcac162ff688ed3278ea2ba3645ccd710658b772002d2b83379ddfa4941b55148f1e1f0b2c1e0f2f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
fac4feba06ab63bf594d7f9332ac134d

SHA1
02f087fe0c1a88aa1edc455da9affe239d24470a

SHA256
a8f31ff846bcf51208270346f36f6106e38562ef53a3da9783d77fe6a29046c2

SHA512
6f87dce59b3d6582ee8adbe89b9e13d4d0a6cf4d6b1299a24ff24fdc3c8ee44c7066960ab06cfed883d93664e8353795a87dcfba4370390ec5114536234679d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
d2df9793b5deec315112a18c327606ac

SHA1
77a33759bc33de65c4dcd77ca3a79991358eb678

SHA256
8af42624254ba57ef5e9b2cc7acb583be8b936053c228a878f9563e81b5c7057

SHA512
c8d957672181d81a614018476ea73f7e8f339b576eea01e745a813c7da5be18a0c55d879acb0dce368d1b81fcbe143d055a2a6b4acbdc7363b1661843cc0bc56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
8c4bce2033d31e64a0d5e2e0fd000900

SHA1
477a708a69fb350059ea522d17e8e0b6a128acd6

SHA256
85b632a5531469324d8e8c3c3a8c24d427142dc33e1613a57f7c28df13e48c21

SHA512
edba368436aaccea9c71d3b40c9dcc033e6c3a18424443ae23c9cdceee7886494e47954c0baab8b9cccadf76d96fb3c8e3796cce09a99bc2d5661f42692f7e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2408_CJXHZSRYFLCQGTYO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit