90e2d50df5ac5b437e21ed7f744bb1bbfdbec751e2093cf497c166cd43acc59d

Resubmissions

26-05-2023 11:29

230526-nls4esfb93 3

26-05-2023 11:27

230526-nkymhsff8z 6

Analysis

max time kernel
613s
max time network
618s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
26-05-2023 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Evon/bin/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
Size

20KB
MD5

649fb0a55b0e0fc9d79e6b7872a14c10
SHA1

b33619c9dfd65d3f2e5a5fcb767a752123d51607
SHA256

fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8
SHA512

3fb4b07e9313b69c84f887c9ca0464e4c8d06a98a8f2ad7d0b48452d068bd526004c21633d0279b4b5e17ad882acf8c7e99b4c3e7650be43b495b670a87d0cbd
SSDEEP

384:cyPJZCcKWPJuCNoSmvcar1PNY6g2HdSjEc3/WD3:DCdCNkvcaQ6x9SjES/W7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295819904551979"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3984 chrome.exe
3984 chrome.exe
4976 chrome.exe
4976 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3984 chrome.exe
3984 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3984 wrote to memory of 4076	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 4076	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2180	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2076	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 2076	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe
PID 3984 wrote to memory of 372	3984	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Evon\bin\vs\editor\standalone\browser\quickOpen\symbol-sprite.svg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbe0be9758,0x7ffbe0be9768,0x7ffbe0be9778
2⤵
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:8
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:2
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:8
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:1
2⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:1
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:8
2⤵
PID:3748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:8
2⤵
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:8
2⤵
PID:3752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 --field-trial-handle=1796,i,4404809319349478392,13737949717903930904,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3892

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9f7725eb-60cf-40b3-b0ef-b8959cef9605.tmp
Filesize
5KB

MD5
996760e8123485feb2c37055c753879d

SHA1
7dff0d686584fee803e72b2ed9ad7b3e0be78d17

SHA256
09e4f35fe42121ff3597d85889041a66d5afc5f5e861a2939a31c16480cc8990

SHA512
4f6cbe19148b0195bc8cc7f8e0e35087394cbe3b1341271d25fee0813e002be4a0bfde53782a6cfef006036828092d89b5aeefc5f1a9dc1fe5aa02e7a342c0af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
688B

MD5
47001b4b13ebb0c822faa8717e0941ae

SHA1
a17e4745b98068dbdac30c0268077ce0ee41ae9d

SHA256
410c1c5e4f4edca51dbe05f54d73fa032035fbf2fa5fdee1c7c455999c04425c

SHA512
1ad3bf25d583504b3f76b3d392b817666064842861c03037d7c94d04f61c8cf18aa5eb9d95abb3d8313e9869942202ef571232f6f05dd70dd46673aaf80d1798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
884B

MD5
e359d58c03d803a5e99314f1ed29c379

SHA1
ff0541bb7a87cb4ffec4dd070b71fe6fbb7ce949

SHA256
8ec9d6698a4e5de99b14b067775732302386313ca5ef5e50b2011ef36058b419

SHA512
b2437dce4b1a7de0ca66ec07409ca7846b5d0b11842ee383224744e2c573f658b6ce3a0bf27beb5107f084e5e1039973056bff9e84cd44658e25a140499cbbc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
bcd53aaece5c7deafe675bacbf8eb4e8

SHA1
9bfe0a03329fa6978d8cd8f0ea8d57765dd8e125

SHA256
5cb6aa00e7458b50e3c42a5fd1ae3e44fe1f40fd683fae7a0631e6257436322e

SHA512
3ca9f1c008cfe61b7b219dbcd8a3faf0d5045482905f033e2df8aaf98bb6fcad58d2c73b868d43b4d492c8dbe2497143efe5ee615c5af1c0aceb21bd41ead0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
a57b742529a5230628969d1d41ff32fd

SHA1
045311fd217a8f10f9b803136e1afdd0fb9759de

SHA256
e88ff6939f87f1732f279184b982320ae34b2ac42519deab91315b4130aa93ce

SHA512
9e4a3d38561b2e8b23ea0d0bfa11c9cd48091c917c5545971dcd2c0949eb9eba1dde84c415984ad7a8427eb3eb2e64a4837747a241d3d1f01ef8952d36a5d5b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
643b07fbcea8a9d775ee21719d0b0e61

SHA1
e2a5b0741a79ab85acaa8c99c900fc3fc11f6cea

SHA256
eab82068f40fe900045a78e4a2cec0916f540588a6ad959c5369cc0d79271b69

SHA512
70eef511fc3b2b0036c44014b22b288506f12d1bddd6f608d3e569e6d5e5e3c020a8dc300a3945f0eaca074a250c22e537b2aa9d0284d8a59b41104cd2783298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
82120043b403d7cd9be28dde0be56dbc

SHA1
fd4c127ea23822253f355b67f8d5cd924c5bfad7

SHA256
33fbb15e52e914a63e33a375b36bab522bc0b49c1032916d90195706297f246e

SHA512
0bf873383a6388b623b1a3c186cd4fa02765272cd2e004be65e794a3ced2de9aaeebc4d58356c2fdb069eb5ac41f7a7107b0075baa2d251e1cdd9567d4abb577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
153KB

MD5
e1da6a79953b970dc1187e1b4f3b545d

SHA1
f5b91ef5cf9918546e8bda9ed66da2ffe72eb1e3

SHA256
b87f5c7bb081e6e675825546abca9502b88f62186a48b19d7dbdf993612fcd08

SHA512
51bc68a568dbfcef1785ddc4d4d21c0f412458b74b8ba81d63fe9839861897bd53863e6dece5bc8468056739ebf6a3ecf8b0f2e0f7cb533b5bc6b7221810da37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3984_ZMHRXPDZBGCAXDFB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit