hxxps://pcsdl[.]com/short-url-v2/001353596428/scenario/674730___193b3aa3-1c23-4fd2-9edd-4ff8b6e6d4b1[.]exe

Analysis

max time kernel
353s
max time network
324s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pcsdl.com/short-url-v2/001353596428/scenario/674730___193b3aa3-1c23-4fd2-9edd-4ff8b6e6d4b1.exe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2232	scenario_674730___193b3aa3-1c23-4fd2-9edd-4ff8b6e6d4b1.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
968	2232	WerFault.exe	108

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288706974250081"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
4776	chrome.exe
4776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 4668	3768	chrome.exe	85
PID 3768 wrote to memory of 4668	3768	chrome.exe	85
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 1080	3768	chrome.exe	86
PID 3768 wrote to memory of 3540	3768	chrome.exe	87
PID 3768 wrote to memory of 3540	3768	chrome.exe	87
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88
PID 3768 wrote to memory of 4008	3768	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://pcsdl.com/short-url-v2/001353596428/scenario/674730___193b3aa3-1c23-4fd2-9edd-4ff8b6e6d4b1.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c1169758,0x7ff8c1169768,0x7ff8c1169778
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5512 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5908 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5884 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:8
  2⤵
  PID:632
- C:\Users\Admin\Downloads\scenario_674730___193b3aa3-1c23-4fd2-9edd-4ff8b6e6d4b1.exe
  "C:\Users\Admin\Downloads\scenario_674730___193b3aa3-1c23-4fd2-9edd-4ff8b6e6d4b1.exe"
  2⤵
  - Executes dropped EXE
  PID:2232
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 276
    3⤵
    - Program crash
    PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2796 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 --field-trial-handle=1768,i,4013247823744802728,345691300347933883,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2232 -ip 2232
1⤵
PID:1336

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
949B

MD5
7d9ea5f406ec3812405086c13c86da7e

SHA1
6e86898e9128696d1ad8c37db9925ed40b868ac0

SHA256
9c8ba1549dba7beea75295667c4ae057d473656827774fd2770912011b76f43f

SHA512
3d89a06ccdd86fb5de81d1aa96fe5dd76034fca2685a7076766f6bbede099207780243d16f56bf906ace2bf466a348d4c7f79feb64e1c939dd612e16ef299c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
94ca8d31685b407e69b7115deb0fca18

SHA1
860c34412d441c42905880de858a9264c815c6ec

SHA256
2e0aa1d7a12f3f635462e3e5e50473924de071333451efdc9025a8ad645fe978

SHA512
030db88e85b9be728bdfd881c0d73ecd8538b3a78cc38671c8c9f4a866a820024795732bd3e659c2e95619d819da3f56922552cb1e062e58e4908a453331b244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
96d43dd06a84b7103e5b0431edb1b1cc

SHA1
f7dd0993e0e90ca352fc9464e0df0e1dba372771

SHA256
3d6e4b253aac89ab4980c81ce3aaee46398bfef27fab6851f62f3961853ae17e

SHA512
262c239f1d66297407451cc9dd48554ae3e693e70cf42b87e37f2ce20a13ab89cd85d9471a4e10cb8f3f31fa9bb00fc0989888b527575731ef60ac03b5e12b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
e139954124a5b16f2d8bc4afc0adaae6

SHA1
a5da352ca6da258fab75dd6ee0cfcecdbe57dcdb

SHA256
85e3ba410d654d28c9849aec761c1d959c47444000c9efc6d9eb995f39e616fa

SHA512
7f60298afb640f36bb84e9dee0fb2177d490a060faaed191c6f716bdacfd464ddbf90a56a3c3cf34c125613fc5f997c1e71676f792fa0fd0e95c2f85e8aec913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
97b6beb2fe1b00e44d383bb02983ef9f

SHA1
8af2c7e0cbef1422bc86ec0ddb7750834f1a8b18

SHA256
b006fd7d90409be753c2feed3ef12b4a8d71c158c0831060ff6113fe6ea62525

SHA512
5dc82fefd3b033b88fa90b629bcdb2100a8439218699cf5bb67e6215e6528ce63f1a50e8256e596e3c1f797d285596163c2922cc66162e6e7a0123b6191b700b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
b8b29246fff1c267fa37b8e5998404b7

SHA1
52251a25add7169cdf924d41c33c5d94d4b9aa3c

SHA256
93c9622b7ec96fbb25cf2c6366cc870212a833c40af8d9281faa9ad77d057d7d

SHA512
a84cebd558eb4c4f3f236a4d553bdc5336282bce46e188292ab9d7f7bcdbea594cf393924f09e19ea036883e55143a5682dfc862f5bbc91a4cb0532799745c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56fded.TMP

Filesize
106KB

MD5
bbe685a135ddcc5042c8e0b7b96c6b04

SHA1
626c36b822c62889415445b99ea6989d47b36f60

SHA256
99fd94f1acda4cf62aef0a3897dd7afef5a33290fe426980d5ee857fda361375

SHA512
8d3ef79ecb160d095fc4175c95fbf1c2fa7889edf76c5ea68651d51c6f71d89e0cfb1bbcca10c2d752072d6548021445d8958a18ccb36e15ab86268fbc4a6537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\scenario_674730___193b3aa3-1c23-4fd2-9edd-4ff8b6e6d4b1.exe

Filesize
191KB

MD5
197e526a91e1a978dbdac0abc3bfea97

SHA1
32baad03bbcf6c42250a723ab78961fea1fbe8b8

SHA256
87e6f7b20ea2bd35d947d9100fe6291dfe186cfedea5d451be14bab5d2518e89

SHA512
aa4241a8d748e5c1fb38bc0ca452e8ff2d1fee2c75654b9bbc3a4261bcf97601e507bbeeda2959e7e1b432f8b3f9ea3142cedf7ef90bda4046b25d82f86db923

Download Submit
C:\Users\Admin\Downloads\scenario_674730___193b3aa3-1c23-4fd2-9edd-4ff8b6e6d4b1.exe

Filesize
191KB

MD5
197e526a91e1a978dbdac0abc3bfea97

SHA1
32baad03bbcf6c42250a723ab78961fea1fbe8b8

SHA256
87e6f7b20ea2bd35d947d9100fe6291dfe186cfedea5d451be14bab5d2518e89

SHA512
aa4241a8d748e5c1fb38bc0ca452e8ff2d1fee2c75654b9bbc3a4261bcf97601e507bbeeda2959e7e1b432f8b3f9ea3142cedf7ef90bda4046b25d82f86db923

Download Submit
C:\Users\Admin\Downloads\scenario_674730___193b3aa3-1c23-4fd2-9edd-4ff8b6e6d4b1.exe

Filesize
191KB

MD5
197e526a91e1a978dbdac0abc3bfea97

SHA1
32baad03bbcf6c42250a723ab78961fea1fbe8b8

SHA256
87e6f7b20ea2bd35d947d9100fe6291dfe186cfedea5d451be14bab5d2518e89

SHA512
aa4241a8d748e5c1fb38bc0ca452e8ff2d1fee2c75654b9bbc3a4261bcf97601e507bbeeda2959e7e1b432f8b3f9ea3142cedf7ef90bda4046b25d82f86db923

Download Submit
memory/2232-198-0x0000000000050000-0x0000000000084000-memory.dmp

Filesize
208KB

Download