hxxps://rb[.]gy/z61qp

Analysis

max time kernel
52s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2023 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rb.gy/z61qp

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

5260 812 WerFault.exe
5128 5800 WerFault.exe

pid	pid_target	process	target process
5260	812	WerFault.exe
5128	5800	WerFault.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133316606676328228"	chrome.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exemsedge.exe

pid process

4548 chrome.exe
4548 chrome.exe
4500 msedge.exe
4500 msedge.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
648
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

4548 chrome.exe
4548 chrome.exe
4548 chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

pid
4
4
4
4
4
648

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
6048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4548 wrote to memory of 4132	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 4132	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 1824	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 716	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 716	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe
PID 4548 wrote to memory of 2264	4548	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://rb.gy/z61qp
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd62bd9758,0x7ffd62bd9768,0x7ffd62bd9778
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1796,i,10688129650466066494,14876178706692123755,131072 /prefetch:2
2⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,10688129650466066494,14876178706692123755,131072 /prefetch:8
2⤵
PID:716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1796,i,10688129650466066494,14876178706692123755,131072 /prefetch:8
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1796,i,10688129650466066494,14876178706692123755,131072 /prefetch:1
2⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1796,i,10688129650466066494,14876178706692123755,131072 /prefetch:1
2⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4764 --field-trial-handle=1796,i,10688129650466066494,14876178706692123755,131072 /prefetch:1
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1796,i,10688129650466066494,14876178706692123755,131072 /prefetch:8
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1796,i,10688129650466066494,14876178706692123755,131072 /prefetch:8
2⤵
PID:3656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2320

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 812 -ip 812
1⤵
PID:5220

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 812 -s 2912
1⤵
- Program crash
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultba2f1cb5hd718h4ae5hb26fh8aa2254e9b32
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:6048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd5c2446f8,0x7ffd5c244708,0x7ffd5c244718
2⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6197274300863757139,14153375609144129197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
2⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,6197274300863757139,14153375609144129197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,6197274300863757139,14153375609144129197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
2⤵
PID:5348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 5800 -ip 5800
1⤵
PID:4960

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5800 -s 3104
1⤵
- Program crash
PID:5128

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
537B

MD5
7c27c69d23939c4cf3ec8a7298d5b953

SHA1
cccd46165785e3f89046495dfbbdfb66fac72d0b

SHA256
429eeda8eb8d8e3301dd266595fde018dc937f33b410692a868cd2812b54d2bc

SHA512
e6f1d3503cbb7a8aba4c7144389087d162188c3472456f25e5054fde2b2d3cc7d6fcfe438ecbb5ecea73c29a663fa63c4aaecf3becf8962c199efeb1ddb3e429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
804b5b6a6d6649f92d36041c41899224

SHA1
71eb09e79c4a9845f7396055913773a51c54b44a

SHA256
ff94778d88705502bd021e694eb760a99fa5532c8d5dd553888c1ac72c824e61

SHA512
e8a42bf6524a8784e9109d242b3f8b1a0d9790a5deb9e3b697d9b76c5c4eab3e17fa024f839905fce5ccaac95e7c4817825c0573e6160de22f397f15ca2120e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
84c70f4c90d8976fc095617735232625

SHA1
488aee6b2a1e077a0ae2e3c16d1cb12651a11428

SHA256
408b89991eeeccff6a6a790c56e140f1ba23a18b582ca1e1326d87773904d146

SHA512
cb6315885ece65121d894789b2410ca2ad09e5975250daf727b612adefc3161a1c83182640bba25003d19c8c2ccdc67b792edd77df08cea201dae7aabc5dde43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
157KB

MD5
723e954327569a25187e364a7e2bf68d

SHA1
9e0fb7b6efd2b59baa6e723457f46f022cd595b2

SHA256
2e0bab116df624231a36198f39e1d895a519b6cb7587abadd35dcb29cd1ded42

SHA512
e1f12469e4d76382d4f1353bd38e1d0c7aa96f412d63cfc37f38b29ab667c167cd3ff713db53d435c04b1f816b50a21ace6438cda7f9d2c4d085751954a3a02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
157KB

MD5
723e954327569a25187e364a7e2bf68d

SHA1
9e0fb7b6efd2b59baa6e723457f46f022cd595b2

SHA256
2e0bab116df624231a36198f39e1d895a519b6cb7587abadd35dcb29cd1ded42

SHA512
e1f12469e4d76382d4f1353bd38e1d0c7aa96f412d63cfc37f38b29ab667c167cd3ff713db53d435c04b1f816b50a21ace6438cda7f9d2c4d085751954a3a02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
5aa7d7c41d5b52280bfcde13bdff92f2

SHA1
56eb032f4b034ad8ff23d82dcf2efb03f1f3543a

SHA256
94fcb48da5e2083bdd8d5846d40e97e4940fdd18eb6f5ba9945c237d0c168778

SHA512
bb6ab27b7ea6edfbe739525ef4441422aff624f2a5a03929b99b6ef0a536d16e43108cf5affa26d2a2d5c90d8f8d69dcfa2b59e36b54b3bd19f77dfcac424dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
3KB

MD5
5cbdc8cb5d83f2c0136be64782d48ead

SHA1
1a000bdf75a85cb01bb002e05a1fc205f87c4beb

SHA256
4fffaf46ac72f20f29de05077e8a9d5a1e8bde2163cc87c464df8046b1f3b12a

SHA512
b5b6a61e6d5885868b17e19aa5cb263b7784a154ac4ca0bc2bfbab1b74da0d20f173372355061e7582ed130a31280ccb580be69e33b59ac8e408472a5dfb1687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
65f42e12c4b24cca20eeca0ca7069ed4

SHA1
90b2581b6314dcc94c590a1e23679fce73a46e4c

SHA256
7ca139eab5f00021b5ba5f62b5916106598b728ecb75a5ffcf9cddc54c8f75ad

SHA512
c686a7b391d4b3fccde8acbd30c13f80a68592d879e3ff9bf24da514a80de3357e628f48e3ef583d3881ae186a16cb8a715e5c8ee43465d66031d87491b06731

Download Submit
\??\pipe\LOCAL\crashpad_6048_CGBXXXNMINNRARRN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4548_HAKKUUWRPSKWLAPL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit