hxxps://qmservices[.]ca/live/auth/oath/?x=x&a=niclas[.]x[.]eriksson@hitachi-powergrids[.]com

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2023 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qmservices.ca/live/auth/oath/?x=x&[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133256688441955221"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
3296	chrome.exe
3296	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 3228	4444	chrome.exe	85
PID 4444 wrote to memory of 3228	4444	chrome.exe	85
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 1868	4444	chrome.exe	87
PID 4444 wrote to memory of 756	4444	chrome.exe	88
PID 4444 wrote to memory of 756	4444	chrome.exe	88
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89
PID 4444 wrote to memory of 1804	4444	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://qmservices.ca/live/auth/oath/?x=x&[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6cc89758,0x7ffc6cc89768,0x7ffc6cc89778
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4484 --field-trial-handle=1840,i,4318449815063602945,5053523251402655529,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3296

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\32095029-71bb-40b4-827e-06ec61dd3cc6.tmp

Filesize
15KB

MD5
d23a89509bb3833d942b89868e3e3e84

SHA1
c432cd47faefc12e82dc76cb5864c35bb48410ac

SHA256
0e1654f6d78f399f679ebc3ea542293bd17fe4e398cc2c5dd383aa4089e975e5

SHA512
2791164b9a3545d9139d4818dd05e99b0cb321abfdcfba47384b33dd02f092487bd89743cfada9423cf7124f5ec2bdd76cf3856ead4e573d2b7e451e68cc1d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
7ac08735ad48631d0557445bff62b0e3

SHA1
17fbf58bf5af9cf1c7633e87bfb3fe88b0f5814e

SHA256
caa1fffa04881f5cd9ea8aae715e7d7fef9d44a873b694c601b68b45f76c95ca

SHA512
69131a4241942fa29af777f0e20731dec023cc8429a2f3795e3fd1c445430923ac6e80a4b45cbccc011d3b8c8e4ae61ee41aae70a2e856f63afd6e53d01da61e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0953ef2971b4f7e8814f4f9a2b890537

SHA1
213485c45928a9c9312a3ddab11239073632a1f0

SHA256
c3242e8ae28801c6a44a56283d583761b7dbd955facb0a54e33f3c5e3b275602

SHA512
7fc888e7ad07ba89a2765c933afcb33826bce310d0aa72b9206df9496f04808ce594f81688acffbcc358fcc3710e676f5d7cc970e6a74699e63b83f7715202fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9a0dae207e31a5d65ee160d555fb8d51

SHA1
46b1a2891c384085fde359d08853477ba4818afc

SHA256
4a6f23abaea903282619b8565dfc117ac199794d8d94c84b9705743d46579369

SHA512
c2ecdadbf7f8bd24748e1ffe391c5e476d93b037227c22615f8b292bf339c13e1130e2e27183e0cb283bbfb6a32d8290021ed0dcf7301e9ff7002adb3574fa09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
104a0d1faf1229247df6f4cd9067bddd

SHA1
62a4cfcfa06678c08091b7ccae7fa7e3ba2e8a98

SHA256
4bb472f528a250cea063a8f6eefc5335b931dca062a6a9f27fc2a6afa28b375d

SHA512
c90042377d613ff83bbd711be28d9950ae66706396755f0dde0828e343d23ddd854b22314a656bf64fd3a9d4cc4b892dad6bcd23a5203c64e0a79ef7c3ae66dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7cf0c1849b0986dbf4538e6e72fa3456

SHA1
d114d3c7a73008a807f44c724f6ec634f7edbad0

SHA256
07ba505e36761b29582898862499a552f2c4feaca20c554ccc111b0e89d61cf0

SHA512
61ba2a8b2eb7264a228fd369d5bbc0944e6395f918dbaaab90a82687acd3726cdc68eb4cf65bfce3141fe12e1277a58273324e73b9862497f87938fb75d40219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f4f527fd3b7571e6d8fbb088cca366b5

SHA1
d7f1c20102fb8d2886832bed10af4ddc95c76244

SHA256
383757029bca7e2f3097610b03d30b1fffb3142846c778661c6c6199e5e239ca

SHA512
a8f41cca1a15a1ccad32a4d6b79b5173b5ade96961b943fc6243e66007fb3973ffd281fa9cfb60fdd1e739de53e3eb30f2607daee0824f3b33b1301fd4797e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
49e2b15e8ba23264d05d69f5e77a923e

SHA1
9ad963b3af12f2328dee046609df9dd5c386cde2

SHA256
34938c8ad297492219208bf773c15f8ef79e25333a7360e69c2c8c9ccfd641e0

SHA512
95392de820c3cedb45f48419257a7e992fc42ee47c7d8a417562db11253cc4de492ccfc1983f63c8c49c0dcd7ff761354e89734826c1129037c5d7818aa193fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
731b06f66c61d7b4e4a55fcc4d2247d3

SHA1
2525bd84d72bc89fa12062f1f42d4ec4353054d1

SHA256
7e97bb1d568ec6f1ea73a7ae5cd8583829296461b5dc5fe94c3ab75e27fe63ca

SHA512
a1bc9900d01047546a2adf41ff8f5b5b50868fa67ff4def7ec166591f3ca7bf79a8b6a86f5c4b32ad37a42949d774261db599ea4958b8128c2feb7581713eb9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
75ee9c336fd62b3d2ff1ea889606bc29

SHA1
64e600de0f23739b64592ca7ad48cd70defbb66f

SHA256
2884b5d4aa354f771ecd46125fd839b4e46301f4e2d33fc9c24303e10c922ff3

SHA512
5e91ee0c076ad1eeb403e1e4d95bc600504e5621866edd81ed03d921b2afe2f346967785fc5ad620bd531801af50b7dfe9dbbeb3f76cda8524e42418fdf70da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
514d6a85872af0cca48695c71b4f0c37

SHA1
65ddc636fd65427979e8dee5957c99b183b2a35b

SHA256
2a5c319ab562ffd286978a9f09d18de77150ac8d4b4d01314b8aae17b94034c8

SHA512
57b8f62e746c82d54ec7bb485afc60a30212cd2616e9b1f29b5f1308ba79fba0b6551dbaf002194224611f76367dbf865eebc12664a77f323cd7d4ed2fb8bda8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit