hxxps://colchadoyasociados[.]com[//][//][//][//]/common[//][//][//]kzgtx5[//][//]abhijit[.]kishore@vodafoneidea[.]com?id=com[.]google[.]android[.]apps[.]youtube[.]music

Analysis

max time kernel
301s
max time network
279s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://colchadoyasociados.com/////////common//////kzgtx5////abhijit.kishore@vodafoneidea.com?id=com.google.android.apps.youtube.music

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244604548273075"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3612 chrome.exe
3612 chrome.exe
2596 chrome.exe
2596 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

3612 chrome.exe
3612 chrome.exe
3612 chrome.exe
3612 chrome.exe
3612 chrome.exe
3612 chrome.exe
3612 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe
Token: SeShutdownPrivilege	3612	chrome.exe
Token: SeCreatePagefilePrivilege	3612	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3612 wrote to memory of 1308	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 1308	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 2976	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 1448	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 1448	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe
PID 3612 wrote to memory of 264	3612	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://colchadoyasociados.com/////////common//////kzgtx5////abhijit.kishore@vodafoneidea.com?id=com.google.android.apps.youtube.music
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b619758,0x7ffb0b619768,0x7ffb0b619778
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:2
2⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:8
2⤵
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:8
2⤵
PID:264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:1
2⤵
PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:1
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:1
2⤵
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4468 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:1
2⤵
PID:2696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3372 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:1
2⤵
PID:688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:8
2⤵
PID:3952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:8
2⤵
PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4900 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:1
2⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5184 --field-trial-handle=1752,i,4165790161941998471,5460903825909474984,131072 /prefetch:1
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1568

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
fadca7d05c863ec0e8a83b6a3e41b9cf

SHA1
49050e40b4b6544843bec0b81ddcb2be94c1fc85

SHA256
20d4ed79281b23abe0bd8582b544cc71bd9f57f05c75fbd74ee1e02ef50b2ec8

SHA512
f85f5d983bbf32b15d612865dcdff95ec5f039fa60b4c4c3fd94ec4dcb35dfe021ddbae107ec283b881fbd7beb7381952220406179b86a65835fc6301daea54b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
467d888f86bf3a22820248f516aafe3f

SHA1
2ccf641e0a42b471de56867b2aefb07efb000e8b

SHA256
ff86375da34cbc36e2a55da5bd6fb71f48f6bf3bdd25126ff9db10075fa7b6ec

SHA512
2b13df5e10f6b0798f4a1819133bbddf97026c31b58a332ebd7b623657c4ad992b388e3ab64f3c15eb9531119456b8b5a02d508dd89b6caf519a62a1b5df4036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
6f6ed21d016d7b4fb750b481a141f5ff

SHA1
a34c84051ee516b8599977c0c596c1b4d8824e20

SHA256
9fa477f1eb8649f51f04f05d87d5c4683eaec4435489c911f0b1fdb7b3b4d1b7

SHA512
a77220da366db0b81752065e8863f7bba230a8de8162d6c0ea63c02aac9494a661cb3543649520c8f847d3b444a8f9558457f8782da2fae31b4eb850b309778c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
8585f88fa9a63874f95e96e899757fd0

SHA1
ac8d5a72c28546fb95dba4d985ca8b1fbde926bd

SHA256
0fcdbaffa4b271de8bbe25f6284f25a1bfaeecc0edea7724b45632a532e586a3

SHA512
73344a009c5cd9047ce0f73b8d17b5395d0e98004c295952b9fda7d805ce328452ae525fb29970a569fc70c2f078e1d49b2f0c0016ceecb69cbe4df737f08a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
84e0ab5dc42a249225dd0534156de189

SHA1
b4a41e7c7c7fe654f5dd5347e2bf461cb7e45f9c

SHA256
d55d932ffb1890bd21d26e09c5caff67216805e7fb54bb01ac9df8f79ded2006

SHA512
920fd1db42e34fb1ae93092db4c9a8aa215710e2d569db9ad78d771f29277df2225227ecb168027300258adb94c6adf71208f195d3577562a50fd0335e41f630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
8fe4d733ada4a2edf597f93c7bc41f49

SHA1
a4921c4221425190ec9701d77364d9377a9b24ab

SHA256
eef92288cd5bd7a34323684c1193ff487fa2ddc13ab6659357725786291104d7

SHA512
11af8850c319148347d8e40ae3ca117549e3c965fe10674e45a64489aedb5d486d8ec5914ec9ef1eeac98b61f7f41fb09bddca1882977bf9d60380ead572ea4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
19ee49f1516d431b588cd2b7cdd82a1f

SHA1
fefb0a4290901d2f1811d50b7aa4648c0b9db61e

SHA256
d8b33213115af52eae613800447da9d79262a6377e2966ec00a559aac0aae459

SHA512
f1f2d9c17e48f30ec0f1cd24152029c99a68ddb5b2d1571945fda026f60664f09300688d2308bc3117f65de6adcec11f0c4fe3ddead46b2f644e0ec707279a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6874bd98f2aa35a4bd1586351b459e7a

SHA1
ec71ee6a0f46d2f3cac393601811331eaff56f4c

SHA256
f57402bd49d2360ab553bbf98b285c67163115d1d4096c163b9f9d93f39af3e0

SHA512
5e3a2ca3ba9fee5f51459e8ec22b13de313d10a573224f32ad5eb112752ca78f4551dd563691065e8cbca98eeb721702695b514d4eb8013972acde094980f967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
394345ddb075297c49b54231a24631d4

SHA1
fb22e8ecce9f5f5c80617f8ba56937d00cc4eeae

SHA256
70fa64c456d095f001de52661b51ef5225a02c6d5865a154f1903a3327e5cd87

SHA512
0e4c550110782bf0522a22aa317931fe81898a35e1dab3a32d3ca023cbb533ca86dbe733c6857f03f409abb213479f12f3c7bcacd7af5edc831dc7b6dacf14c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
d496b7cbb1354669a8a0883218429c23

SHA1
db0f462ddde8b48ec40b8b05df48fb44408ebd5a

SHA256
43abcd985ed3f7ab37011f18bbf55083979e213375bbf70d89ed4b1bc3c89d38

SHA512
2a47bac9ae3a89e47232f2cdd4c980a8c7618dc3a1b5720818d5a1e0e5f04a89d0a4b3b7a52cde72dd475d832735998769a2729388fa69c5cc13346bb110502d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3612_QJIJGSQYADPKLVGD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit