8cad66adb36b1f4f64204a4328a063ae33695dbbd5386f761cfb56c2c0987471

Resubmissions

29-03-2023 05:23

230329-f3ey5age3t 1

29-03-2023 05:06

230329-frr5bagd9s 1

Analysis

max time kernel
601s
max time network
534s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
29-03-2023 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DiagPackage.dll
Size

2KB
MD5

0ae02945834e3a8be734dee01ab879d9
SHA1

39a55df41bf82bbb08a4544295faf3ced62d11ca
SHA256

be2f0bac4a5ae87af8f6bab5875c0977792ee5ca5959a96181c146976b671fd2
SHA512

22a5568c37bfbb373702eed748218e5eaf411f2ffedbdf535316c6ca20cddb57761b0b71eb36a9e133993dd89faa9c43659419d79d9f9d328d85800e4bf7518b

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133245472516472356"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid	Process
1956	chrome.exe
1956	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeCreatePagefilePrivilege	1956	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 1956 wrote to memory of 4804	1956	chrome.exe	90
PID 1956 wrote to memory of 4804	1956	chrome.exe	90
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 1760	1956	chrome.exe	91
PID 1956 wrote to memory of 4012	1956	chrome.exe	92
PID 1956 wrote to memory of 4012	1956	chrome.exe	92
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93
PID 1956 wrote to memory of 1064	1956	chrome.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DiagPackage.dll,#1
1⤵
PID:1352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4e069758,0x7ffe4e069768,0x7ffe4e069778
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:2
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2748 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=940 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3348 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3204 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4992 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5184 --field-trial-handle=1832,i,16928919478986187965,6222175607123794000,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e529b26a48317596aea4f20dd8a2e45f

SHA1
d2f3b7c2a0ce0e6582ba57bce4d55afb8cb1f59a

SHA256
dcaed1cb093a56093c1606912885a98d44ab90fa07ba0758b7ace4376b8e222a

SHA512
fea05a46cff15a10ebd46b27c259dac40c6fb8cd0b69838a868dbc5602f5af39955f748fa06459e2f0d924960ac0cbe3581cc8d7ce4172f3b93a2d86c015fda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
94c46b7bbb5eba12acee924ef20d5b07

SHA1
fcfedfcc3f59c5a9f3c6095f5bd667ef561f53ec

SHA256
9102ce06387e3aa744ab71f35fe74cc1b03746141336ad1d87d0984ea17de48b

SHA512
ccf9af0b4f222ade8967f02ce20cb467339d4f2f21b208b82693384a04e0a69d2c96e4f46869acf3ddc40cd99f8c918bf937a317c263bca0140019b589b2f373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3bd34b9606ab9d23d02b222037f0d3d4

SHA1
ee5f2c34885e6415fabd789275f34c426d4196a8

SHA256
998e05feb1da09039526b24f30d41e34de38b50cae5f635cc69452ab5206290a

SHA512
e26ac541635d419e8b4eaf542c41a538523d57c73d2022a260250015e8bed34d141b126e70ec983720c3097a802e34794cc7444108dfa74cdeb2069895d8b3fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fae00187f51cc6ee76e2cd23e2c88d16

SHA1
0b766eb2028f329a4653a38459d78f280f652d4f

SHA256
6437d05b7e71ed41f490edc5f2c8371a96d78b322e1381c6adb03f79edeb85a6

SHA512
5ca0d6fa132a93d3576b6d91f46172572761ce0c819f44e5c6ab357e5ecf2bf382c83ee1651d4dd6c7650929520f414e06b2e1412499c20484ec83bdc951c21c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
5a112c784f5e397ce185fef3dc1a6fc8

SHA1
d939329bfffa3662ade3278f903ce8c122f9b43e

SHA256
6812fe68c2103a4b850758f5684dc725c48dc67fade9f3cc8b4ebd462549eabf

SHA512
397c1f2c955c5bf67f840d8e43be76f268f2478d2cbd0f2faa46fe91b9396056dd0f565d2fcb2f3d1a2aa8a797bef514143773bcb6f5f96ef0fd9b8dc974e582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ac8f91be2ef96f1de611a477dfa03e85

SHA1
752bcaca7fe773ca64cc8d5cf12056d33cb67130

SHA256
412345bc03841d23f1ed561574acc20a6c68f321087e1b8494ba1467fb064600

SHA512
141ffdfab6081c949e061fc0294191438e85c57205624f33994c78b4dd1b57ab27c15563e9e012105c08aa359ad9fc4e9cb9137ad543df6774aa643c3c8456a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5335b3092197ab2a6d2f19c91dfe73fa

SHA1
c2a0bfe74bd9aafdce8fe42031558d50a7854005

SHA256
0ad8c0d6add510fa05dbcba858df0cfa17d2e99e423c4ae625f97853cbd2989d

SHA512
c6b7feeae735ed64a5dcad4115d10b6d83d57c3c99e0cdd930986f6c8d4bdf8795b7df8d18fade79823e4dd12c1e0fd5bd2f3ed297b919fc7dd37aa8ac700ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
faa10fbf8c379e9edc38cac60704c456

SHA1
c3d5bbba5d36725ee6efffcea0b28d5d6038d993

SHA256
e01af1dae9b4ff2043f4a79f8e2022779a594b4bae0de4ba341191b020d0d3fd

SHA512
dc0c4006dd526957135018f779e42456e3cc14a9e7bbb53f70e550441764ac75959c37cc0fa4eb64b2f8ef15d32b5666b58c9c7beda18ed619bc3e2055e46705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
593a1179f67bf4bc43ada2cd23b929f6

SHA1
6bdaf856ac6ad2d002abdb1d4f2fda8878819995

SHA256
57b254caf42298c2051d2260d53832269583c59882d8cdf83a57d9bd5023ae76

SHA512
ce17c1d33565247b4ddfc5eaf0ffea0452b9f4ce75815c95953d9aa5a91b788d443b3a9f5ad9df9e91cdb3d1b970372202a2685c72c6cf78a0b8e6e70ce18f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7fde2c05bd3dda309a1526db96426155

SHA1
b999577ee6862848157528c1a252e6d422911562

SHA256
04885aced30a4c6a7ff0107c82f426c5f3d45a7b1f425cd7c4d9a3f1b20ab428

SHA512
7eaf8477aaaa91b6a3bbb2ba3af58baa35cd0794514e2ed6da5d3e9fb06a12e59bf6ff0ba4877298c4052eba7602296354250132837727581c95c8345cb662b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
b468270fc6118bc9fde3aec164921249

SHA1
3f45819a5c1884b931d17002273ae8326085de63

SHA256
082be181a6093abc68a05637911d4e3b370c831b63f77a25aa87d50057790804

SHA512
fbec890ff0b2bde55da4238876a31662bd3b4be6ab59e58fac49866b9b2b409ba3c76f3786e8e892ad42bd20f19e7f58a952da9f4dd33bdbc19b7149dd63ac7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
ed9c98b069d3b28b9c9f84be24bcbd21

SHA1
18d437eab181f72b65d2b6a822615321cf2daa58

SHA256
85fe83730a9a832f0eeb97c3789f3ceb9cb4cdb229a882060738dd8807435812

SHA512
ea0af80c268107128ba4ab19105e2e7db4cf6e2aeb828f21bb27df07e804e274e1ab18a57e9d127ccb3385a082e148d9d9340d0b7249c86a3ec37cb0b073c80b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a64d.TMP

Filesize
98KB

MD5
031a6dd81c540ae9f24892f65171272d

SHA1
ce68d4d3b5bb05e577b4c017e098dd8a98608b9b

SHA256
649b858f0dd7bf8b1eb1be65cadbe3d07e5f48c35b2d04db5a0a73e4d48077c7

SHA512
e702e4bdc8b786b777f49869174bc700bd28f231261da680e9351bcab6bc065273dfe11d73354b660eb543233839c0d5781e3d28072d39216ca282a76827b9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1956_AMTLAIAGTKWTVYWB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit