hxxp://xwtrh[.]iofici[.]ru

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://xwtrh.iofici.ru

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244480975277171"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2172 chrome.exe
2172 chrome.exe
3804 chrome.exe
3804 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2172 chrome.exe
2172 chrome.exe
2172 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2172 wrote to memory of 4456	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4456	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 3964	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4256	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4256	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 4660	2172	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://xwtrh.iofici.ru
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ca619758,0x7ff9ca619768,0x7ff9ca619778
2⤵
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:2
2⤵
PID:3964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:8
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:8
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:1
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:1
2⤵
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4708 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:1
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5276 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:8
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:8
2⤵
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:8
2⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=744 --field-trial-handle=1840,i,4057947941299717128,9307472575948363192,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3804

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:220

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
2beb2ce9e5bf5bf9fc11bd783b87c5df

SHA1
8aa4d95ff2d3d012c02ed60568c98bb727a177c7

SHA256
49588f3ac05206244e9e77b8a3f4c854bde57eba7eaaf12da87e38990ecffb47

SHA512
482ff7570b80a4541534bf145ee83bdff9694fe22a7e0a77724db7797aa1146a5f29dfd0aa86c2f68e3de5086e29cb49297ebe959776ea6073963567c6ec54ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
373318f55362ee1b8360fbfa0bf7147d

SHA1
37ad818a27c6fc784034092c16b3d08d0d8fe496

SHA256
276ef93181a30f46ae2b01cf68abaf2ed77be568be7e1a04fbd9c8c19845a01f

SHA512
b7d63406d638b5d93bacde4c55972162da29772c2c08ec180f521ca2ed065dc27b1425072825ac1a9e94bf55494ce2c2b81c8947adeef1b5f4635e91213ef3b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
679c627734796aff830baeeeab3f06f0

SHA1
4178e33b4d532fdfec894878bcb2d0a2f5726659

SHA256
b1c502daec4018cc28adb2b17b13612dd0e61485f946eae685feeea4a717fe87

SHA512
a16480006db0a7176ef0c9d883d3028b06fc01e329e6ff06c19fd9357f314738a753b2ec1a7d76945899f897fab7a9106ba0a1ed0706d5ed47ba78493ce4386b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
435c1d51d151066d4808897485bcf925

SHA1
47f919e9003fb2ab6d45206522b00195b7b1dba6

SHA256
24c6695f4f259d953e76fb56355c7a87bc9881b31e2bcfb1d4af6b4960badc95

SHA512
f9663fe13dd411f246e259b4d7a2533a6d4d7ec4ed69f056d9badd9d0aab20281dd71f44d2af98f5e8046a242f7cd56b25c8d029ef1ecbc933864f6273654620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
ad0aef2f9886d8c14e7f7c8bb37d59bf

SHA1
2c4598eb611ab6d0d33697a095606ee58915b0dc

SHA256
d8f3f2668dfab3682a35facb2e2cd864b11902c46931c9c8c6c80a010288adb2

SHA512
2852603648498b356cd50007c92a4819335a3f54e20db4c25c85adf839161e76970aa2310999bc36b60ebf85082ee394485a3865936f9cffbaf451da9be0d0d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6f66b66190bae3561f75ac949187242d

SHA1
62a7eadac50e1d9aaddc1256b7a5a01b9e2132c2

SHA256
f996823ddafe16b36e128f42ddd407bb23ce2be965c6338e792f9e4b5601cc98

SHA512
a82900fcd8b09393c5d95912fa0493e06a12220b769b68ce2adfc490b7aa683dbadc2a67c0a81dba56405bb8f0d03182a008484c1d7f03178b26a0e13cf28a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1c296e0c3b36d48bf260ac8c91a66bc7

SHA1
2ccf39f96c6a5c2de1e618b063f1942f167bb90d

SHA256
a09200c6a85cc52a3fb385775c4883b4c3016ba7af2b814e872e241fa6009004

SHA512
9d04d2038050b086b025434f4764ae9f671ac69120f7a78465a58ecbc1106181e15ab375a3359c27ca66029ccc1e3e3f55f6db1dfef7b682f9740236d1ccdee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
b6be88fa582c30512442fb6aae12f8f8

SHA1
d93058edd833fb423794daf74c68a98c0881099c

SHA256
019dd32b4155144ae9af3f1f9351221e82f980d39c4cea579bd578104b076a24

SHA512
8a833ce12833a44103b5851071fdd85a7ff0b10f10bc385c4f83e99697848c3474d89d2fdc3001a5e2e7a401d70adb94bc9554ea588a95fad1e7e33c574e3718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
6f381af872a4f1b8896044061d9e9023

SHA1
c5b4b2199e31c23df4ab8612c3a36bb44a1178b1

SHA256
f250115844032ce964f123772bd51739086e2b8b97505f2485ea054c82951891

SHA512
ca5ee053f25c942cc86434de4916d788e2505ff5a95263a4b8fef7a11b69e7edf246c5a94f2ddda7ce7fa766869ccdda225aef9ae5190e406c9109d5710d5ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2172_IRGYLWGGFGVCXSIU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit