hxxps://pub--105313433c3540a88a28e3751cd59d01-r2-dev[.]translate[.]goog/backgroundfull[.]html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#donna[.]s[.]lynch@saic[.]com

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 13:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pub--105313433c3540a88a28e3751cd59d01-r2-dev.translate.goog/backgroundfull.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#donna.s.lynch@saic.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244035792079016"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1736 chrome.exe
1736 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe
1736 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe
Token: SeShutdownPrivilege	1736	chrome.exe
Token: SeCreatePagefilePrivilege	1736	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe
1736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1736 wrote to memory of 4380	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 4380	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 3244	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1088	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1088	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe
PID 1736 wrote to memory of 1324	1736	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://pub--105313433c3540a88a28e3751cd59d01-r2-dev.translate.goog/backgroundfull.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp#donna.s.lynch@saic.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9a8689758,0x7ff9a8689768,0x7ff9a8689778
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:2
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:8
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:8
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3328 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:1
2⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4916 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:1
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5476 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:8
2⤵
PID:4124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:8
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:8
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5384 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:1
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5596 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:1
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3932 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:1
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3300 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:1
2⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4488 --field-trial-handle=1812,i,8998366467275813970,18295776060715605711,131072 /prefetch:1
2⤵
PID:2072

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1984

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
3fa82a14adc29933d3d2c4b1bf4ead55

SHA1
9f18531b132c44d0f83d6d903f9233e81535ba2f

SHA256
55c88dfaace3528eebafb310ea9c97fca0e91205e5d5047a4696288f1f6dee84

SHA512
9761f43ae64fa534e0be6e2d384e9793961ed73883c0592d953158ff4102409580c0507765558df3a82c23000d88c99a368376ea20919204c59b6ccbcab6815b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7a029391-ae30-4cd3-a93c-f9e8a8aae0f8.tmp
Filesize
7KB

MD5
c8289987c7443bebeafce85d1e3ea40f

SHA1
754dbe977fc00b10fc24a342c30675bf257f345c

SHA256
281e4e6f6aa5dd9a5878cdf16dfca726d456ce1ff58bff0be8100ea808d19077

SHA512
aa092d136a0c356b11ae8e68b6c8980fda88a74dae51e084ab4e6c8f8b26b8e512699b97d4f40a74d74024bf6532ad5d1af24b2abdc6ed30dcdc8ddbf512e3fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
Filesize
107KB

MD5
330bf2a762345dcc9cdd859e35b0745e

SHA1
1217677a3f1eadf64d0c9628ddc20c8ba50b649d

SHA256
0bbf5e300f59675cbf6dba4bf0aec56789d9d5b0bd289ac916f533460123a787

SHA512
3bca369993de1bfd8e87e5bbc93827cebd939bbeb5460ea27e1067cbdb51122e330ad41523c3c0ec041116a598c934669a8dc4d70ef0c7858cca904dd41f402b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
e571a0c42ecc90b505203ba7e15ccbe1

SHA1
7309f63e071a600470a20c01c2f40167738aab30

SHA256
3c5dbb1321ee174be35c4a0dba6cedaa5b55e27c207d5bedf7b7ec03dc3c7364

SHA512
0357cd639b71d66be01f5983a7016b5e5330f3ee6245003d1de34524abf4d6ea9b962e7434ed293ea29f6d0ad1cea68a9456527f9765c85a5b36f5037b12349c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
48fe976ad95f2cde8582d6f566accfcd

SHA1
1433a1834bee7a7ba5826c9c6531300aa50a2d37

SHA256
150032ebe247df760658ff89fc4f86db3507d322af08c4b0bb0900b64668f94a

SHA512
23632fc237c768076da929c4286a9bcebc0b538b49cb58596d88603b54beec8681b9302b964ad324177b98e1355e035f135f9a44b03a8ec5fcfd43054969e33b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
cdd6ac4d91f042ce09b6af67aa1d499f

SHA1
f6c07b179f907bfade441a3983968b0f9a54aed3

SHA256
35fbb06c0f56a4e716f22b8c9a90833f97dddaa0071b848f58f50934e5461147

SHA512
7ea5af9c450aa7e984c6308eefa5a69c732416af39d04757c1dbd8f70b3615d00e43f563ff506ff45127d127f1cf6cdad4f4997c0f576d5c9785ef1b204a5ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
afaf7e3f634ef5996a1787ca757de97a

SHA1
33ad5efda2f7351167af540668bea27c1231c913

SHA256
bcea536c8a27346da9ae195f2754717e9ea6420a676f2c46d04fe0892c8d0a00

SHA512
857aa0285819b1c28207223fa293a38db00c5f679ce1fea53795b1b42103ca308aafe2ebedf6148ffb86dc9f6939fc74fb30a5935504e210a6baa4e714c3e3e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
e6a3d9b66e8705c70a1031894fd21006

SHA1
5a4b7e5d5c9445db6073f2f08210254a36ed6080

SHA256
aee5e64c61d0b376f3395675e2c7b87034277916cd648d90721fa112b76e3bc1

SHA512
082fb689039eb3c76609f675368b6b9c7c28c638d72e4159d39ceed4d439cdce8ab650da4bfd641b5d8c686a66e18120d8f246790a1f94177240df82ed265236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2e7a30645f436b4e85eaa027238f5e23

SHA1
f7617fd909268c781197f19115b76156a9a6d26c

SHA256
45741a7d0dc5bbe23520e60ef996e4c3f3c4b274f6c668ff4a16382fd50f2a8b

SHA512
f44bc6e87a00c6eb8ca56324c1e4c086c3d057ef4cb16ec15d350324630ae49794f72303bc58495b57bf63bc9471b9a69cbacf95a5ec23b39c7490fe596c4e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f89954dd0255560bedf40998c74eb56d

SHA1
74578f27d7dcf1189a1fdc6cf0651ae4e4297b0e

SHA256
cc0ae334770ffb9a39fd69854fcf54ae5b4740b14072d9ac80604ea45c3bc877

SHA512
53f1ee28281926aaa97bd5d45d89025ccd351339a59e3eb00f4268a4019c2039a9810053b19d7f9ad6efa92340948715f5df5f838fe3080615df04b6bf477acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
119f630e00ba9323c1a83bc220e0b9e3

SHA1
b51074d291fde1099410ee8372af97901dab18c5

SHA256
c9bf0813be7283b2224842fbc7e95fc25f5f3df4c93b24863e42f0b9132f0e62

SHA512
f69abb3b26321a9d2c4dd0535dd1f701dd8bf81e0da5ea123c629500cb33e185d97d4430555acf337d5e22065d5fa7d854cad520e8ada310a6e2ff3fe17c8c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
5d1998544e5d7e9dfb8c1dc5b4479471

SHA1
bd52caa4a34d0f416f15d83e832a244f9110bf44

SHA256
6fe6e315bb6eaa8e70accf6f8b2ac229c9a12baaaeceb3b8c82f1baf09e652dc

SHA512
ef235602ff65fafaad2c3ded24b0b847ac6205feaafa5de577e9d4e4553a466a0c793abf7b82046a80500aa9dc222c7cfe98046077e4f2ecd077e8d75ce12aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1736_PBURVWRFIIZJLFQI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit