hxxp://goo[.]su/TfyXjk

Analysis

max time kernel
34s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2023 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://goo.su/TfyXjk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133320274354487883"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2176 chrome.exe
2176 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2176 chrome.exe
2176 chrome.exe
2176 chrome.exe
2176 chrome.exe
2176 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2176 wrote to memory of 4960	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 4960	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 5096	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 60	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 60	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe
PID 2176 wrote to memory of 428	2176	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://goo.su/TfyXjk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae60e9758,0x7ffae60e9768,0x7ffae60e9778
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:2
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:8
2⤵
PID:60

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:8
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:1
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:1
2⤵
PID:4332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:1
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3376 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:1
2⤵
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5344 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:1
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:8
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5852 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:8
2⤵
PID:1920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 --field-trial-handle=1812,i,5173730219421662420,5602526765535180141,131072 /prefetch:8
2⤵
PID:756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3044

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
a6e5b17800c8d1428e35fa5544906eb8

SHA1
287ce9e0208dd49e22065301f5bc85d1b31293a5

SHA256
e034155a6516d8c3ae98b7e06e414867eefd39fa02477b61d404ac0639953066

SHA512
d44579b55ec3ccd85c6eafc39a03c04a8223bd708b2cf40ee5182d6ae38a907cc8802182a72a4b11c89443c7d5bac9e73dfd516856e587f24f99be47bb3da273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
726d085bf9e6b14d29a861aced065286

SHA1
916bbebe33bf8eae165125ed61c0d7fe4b1812fd

SHA256
a332c12a1e41d7591a7a88f0ce36b3691471da0b8be74bfe56a72da8b9b2c8e3

SHA512
c06770cc05adb9a4480cc9005a83bbcb7b03fc06495157f7972d05e2d6ce014c573d6bbf90551bab12bfff4dcc7d588f744f5a50dc3e4e83f9c7d90634bd3525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ddb864d3422e39c01d56117aa3d6d36b

SHA1
3f6e3abfd66048561d064a09f93462af294787eb

SHA256
e221a4e7823c72f129b049dd2907e2fc1e3718749334b5a3c64db7ff4235c16e

SHA512
dc9d5c2553bbc1d7b0c700b0f0cd500de19f4216f07ca2412e2c1f523e4818e29b420df236bc7da0a8de3971ac3dfe01c2541347fedcbdffb04ca526bd5e699e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d9c0d30d68fb62d4514dbec07fae9602

SHA1
5f833c4a3d4ff84c41d88fc81708cfd8c621518b

SHA256
50e7686d8d9e6e76017a284109264832d1c4140128f940cb9d13da0d71cd0a0f

SHA512
49423b5c042f2fe37596e7e8eab3a8bcca57ab16fb152b15f6033ce61b4de5247fd58c07fc16c05c1bfa1a731ac5e317aaf2125e0f86fa4db66bb3ff69e36216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
a136ebfa2406eda1d89af425f7dedbf5

SHA1
54e8f8c7b4a76d0d25dcf0b0dc571c631ed56497

SHA256
8b22c1c527543c49f55811d3371192672e0914557d8494443d65056faaf023bb

SHA512
7c6ef5ce0fec9791832aff9e08ac6084fda113e9cb73651aa3a2e5466b034c3b9eae5eac1622a5a3689f529e0f67b4a2c56ecc041e2a755d64977e8f5bfad8d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
d1117058b8f067f705b7a9cb24232ba5

SHA1
9b3e7fc5a81d03115150d6f666b5d531ab39a14d

SHA256
463077581b7379cc00cf094967be3cf7ea38ebf6f4f1356100a9e14ba3814abd

SHA512
ba054c9c5e57ab9b24f3928e1a17b95b6610e2510106d30927acb638a25576363cf3d09d45de92b3fffb2b0d7cafa1cd481486cdc964a4040549b5735aa75eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
174KB

MD5
2653e11839f7f811cf36d1c15e7af8c1

SHA1
2ffcfbc477773cf5375f7534c59dd7a211799ed8

SHA256
7aacf682bd7b76445ae03242ffa81b6d948b8eb915822052951def1e18996674

SHA512
7ef75f6eb6d3838b181b70980eaf245c1cdf59756dab22d99844019cfe59e81d58bc2bb3562aea2b19a3ea635ab65e9d38ef92b1847340e54c9270f678b59188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2176_LDHVKNAXVIJSKIXD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit