hxxps://jahaniandassociates[.]com

Analysis

max time kernel
1s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jahaniandassociates.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5192	chrome.exe
5192	chrome.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe
5192	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5192 wrote to memory of 1184	5192	chrome.exe	14
PID 5192 wrote to memory of 1184	5192	chrome.exe	14
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 384	5192	chrome.exe	32
PID 5192 wrote to memory of 5564	5192	chrome.exe	31
PID 5192 wrote to memory of 5564	5192	chrome.exe	31
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30
PID 5192 wrote to memory of 2956	5192	chrome.exe	30

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe8e119758,0x7ffe8e119768,0x7ffe8e119778
1⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jahaniandassociates.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:2
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4008 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6024 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2576 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4084 --field-trial-handle=1816,i,6054719854003681304,4850637283801319168,131072 /prefetch:2
  2⤵
  PID:5376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3084

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3cc 0x4a0
1⤵
PID:5600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
55KB

MD5
dffc02a5d0b3962f4da623a2389b58f4

SHA1
4ebafcb5632c175ebee77c127acf424aeab35c62

SHA256
b38b4b890e705a0fb5e7a2ead33ab44519527c52c1f2186fee837d4d78c72e7c

SHA512
18416068e0cc30aeb71564788249220633dfabf989060c3f83d52966fe31c8668cb8742bcc7bb59a515369c13e5cb2a30b9e5563f4b309358ceade88b0dfcf83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
201KB

MD5
c445ab4315d0633d446998c80764cc36

SHA1
47d3dee9845cc6e29b6771dd6560793b8b93000e

SHA256
5635695eeb70b51c449aea7a5bd3c9699c3c28c64498fb7fcb8173aad45d7242

SHA512
83a32ffdddf3ee56e89f232c8d05a4b00265895b0e41d13700f90fa389f0bf3f112c291c24c3819751803322b11e2ff866971d835d601672b36818c4e099bff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
25KB

MD5
9c8f915c18b47f5214ebc2762f479d1c

SHA1
e99470c0c72a65b67780f9d8d63a84e61472e9cc

SHA256
e95439be76feefa3d7f5da59317749dab20c2fa2d913d2ce09312021f746f14a

SHA512
687978546e8e731293ec4382b37ae8fe89ce154050ea4f7e35deab93497ac8c6da103c4cc1a75e284843d9362611140215da220584e736567ca08334d68016b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
55KB

MD5
9b02294a6ac23598035c527364eb31ea

SHA1
10a5336f6af311a49be37fcf8bda2dc855e9abaf

SHA256
e268ca1e62e6a4d704a4ed0cf8e747077c6e98248a9d877160f7044d09cbf8fb

SHA512
097975923e82039e8baad62a6f4ee38a5263b31324cfffd239208f4edf302073494eabaf70f363e33e34e517a8acc9b6d2b2946586202874df6bd4ab5103a44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009e

Filesize
400KB

MD5
49c37443ccdef69e435c045c5a3c4bbb

SHA1
a6ed78fa292341c46c5cd814748902a0d2f50705

SHA256
3957e1b48136637931b62208a092eef0ea84ce803599d504fca2875f07a85059

SHA512
c80bc6b96f2f6f738719104126b3891c5cfd54a2b40aa55a2df5b77c85bf6756184201a3db22856514ba9a3878b40504cc506a6ce0947ea1528935ad64d6e82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b6

Filesize
34KB

MD5
686d2aa0e7296ef42621bb7635b867f0

SHA1
5582321582280564de8979f0a0d5d5f7e03cbdcc

SHA256
6c318e20ab8a03036c7cc12362d1ea3d3bb2866a94c43b421e27ba47fd52400b

SHA512
90a57cf981c277bb94b90064a44329ba0d2a3450405246bc12bee62b535ce581d591830ae00c51e4715934742ae51eed9388f7669caca715492ead50b1a19f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c583625d09118833d4c26050c223f7dd

SHA1
b108b788f4b57885542eaa081954b39126397506

SHA256
d1cb91ed4f6ad51b13a28c6bc3066a8280fefba9ea40b2d71271b452c2432084

SHA512
471df5f724d535542fe4540ae4298a62231ab717a30b95776330c8ef312eb5622872ca36da2a04afa187e2bd1cd475f9a1c8532a8ae310fd1e043b1ef5380540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f9bf27f5d56635ea93ef9fe195a798d9

SHA1
8fe2bd8e86edb4ee6121d1e96e5ee000da374693

SHA256
f90422d8667127a311a073d3788c2e5a219c97a2b15ef1346456120b62ef6657

SHA512
12d37d6bef777f6b42a6c0308fa3ae837db0c73ad53a0162ce8ec0e010ccd54a97e81cdfe2c000cede656011f1b6e32fdb419a3a5f0500b8199095decd8c3431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_jahani.jahaniandassociates.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
45eeb85fb2c38ced44db0db332406d25

SHA1
a532793f2d9ab62da3d8b9a09a3a7a550b6bfc80

SHA256
a4964211c3c23eb90bc698319e4d936c80aebf8bbfc5e9d5277eba484c8cfee4

SHA512
f922cc2cc5327b3cacd84bf8de3ec4702bc138ceec677a08af13898da64e8b68146d6280a8804df10930b5ed62383e655ad04dca789253a6268a326b9115fa4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a36fd0bca84f20902091787fbca1d532

SHA1
8f47e37ae9ff6bbb7d5f193f086aceef41c3e0f0

SHA256
5639b83227bf6cc8dda88c36770b13f5516c5a81ace408e90d7ff5c89a70f61e

SHA512
04304cb14eea1a6da85c4013d033156b9e878cd4a347b9e86e22007bc6faa4a5837e79189a48524e18175a45591b8e2807ce68f4311378fb4f7a1625ac64c874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
845b41de4d2fe74779f61c1fe1efb828

SHA1
8b34c2d4738e490088a2c1d0c2e3f42624b68243

SHA256
48266d7c1830d8467b8e1825dca0a7dbcb0befa61094872a8fdd89a47b1a3f24

SHA512
e8638cfe82a6a66f83f00c5d099e3138743c9977db7eddf2363b419229d3995801042cb5f1dab267c15eb90a453ff37c0592d4bf9be236a9f754058d282073b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
153c48f2a561c742ee204b0ed7022e04

SHA1
35bce47f237b97d678159e481402b969a1177ddf

SHA256
7d8b70967613ed7b0f26a582f1bbdd34016c6ca32699fb61fd7ce8a679d1e821

SHA512
8807d14c89dcd12853d863b496e061e2299ee432a460556a61c41147e43de448f32108a17986a2b07294cf42d05643a7c88b4b8d53df6e5f5ade169474eb1d3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e78de126aa88f88e993ed98ddaf49594

SHA1
fcada4356dfd45b852591d9133311dd78af3aa5c

SHA256
c0f936448d27f743f7bf45defee4d32bbc5ef1a500e64da490bc1153b71c9dea

SHA512
3ddbf95a00841d3db87e5eebf8334a5d366a752bdf1f804f5b6f4aecbcbcc7fbfc5d14becb7cb43baa30e8c2f9b0fcd7daf806bfda58dd7fb65128410d411de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1942945beab5602c74622aeaacba48b6

SHA1
208ef8d2191d0f3805df63098bc3fcf59b63c0bd

SHA256
bada7b62127f259a7f42e6871278f627bb28125a7f6c4f55af6c45c0af021665

SHA512
ca4909d0ad6553c017f9f89cfc09b265fb8611047e13f0fdb8ac1706e368751f2eb3732bb8f1af7970550fe69e53c313513a91afdf19bc0928bc8a3831c4d3a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
251cb4e0f7f8db2b60055d2dc7846619

SHA1
ed52100b6df571e0c3ec548042501195a735c18e

SHA256
f43524c61a6770ce16dfa1635829af28e36093a8c0d62e49312f74a91a96584f

SHA512
0117200935927b53922d43f9d656683fee8cfd62096286db4a6267f0b220d328f90c3be7ddaa366b2dbbb428a653044c88e361fe439950a1b2b5760abffc0b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dc9c64d10d6f54a6839d6f8ba61eb4ee

SHA1
115245817e5eae593eaa623248f36b6027ca9a69

SHA256
16f60fc4671a1f27929945d31ec6392f72deba2b1bfb9bd27b6f97268bc9f214

SHA512
6a388ec2ba270b913b52bf63d29f60f4121c2b09f7a052e0485980447c1424081d745bb2f0fe542f4920d735e40d2d16ac229c50fe19ba56aa285651310b4e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8c12053d49bc7436ecaf28c4fe76fd8d

SHA1
d32f6ce0f11667b5e6f77d73c54e4798d0ca28d0

SHA256
ef453fe81c9e1a539769c958954267f7c07d54c129dbccce2dc3e62d6c10b656

SHA512
32c389ecb0c0961dea16e82c25e2212f44c4641cf8a1253770543d268927f9a1dfec2ac9a3ccf286859d6d57add016b86d19b7c82e143f9eadad67ab401c55dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e25849c46c0725feed2a514c0070c933

SHA1
2d042722bb2648c7885a9f27321bacec95392a68

SHA256
e15a39b567d9faffe4f91f1e9ebde18e7b087c6a289bcca0a8e37d31d5b5e40e

SHA512
a0b3762ae7e0f7acd5210bcba8f1b12bfa4cd750cabd425c539bed6f43fbe2ed77a7ca70352cbb3d0818cae6e0967fd771f1792d4604d5d657ae00330331d0f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
99794945097af68c328872189b595247

SHA1
b1e18f245fbd09298cc4d746998c34ccf1937654

SHA256
cd0659bf2ef0c902e0fc2e920a5b60edd99e2e54e8e7b3e7455ca98931c4a8cb

SHA512
252113a419dd7a91dc4622a18769e908a9b562e82c36102d1633750195ee107292bf5a836ee729b523f5312279fa3679e43b2e0e0d10339322025b25c88c9102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
16KB

MD5
b4337f7dc5969895677a524f8e2066e2

SHA1
8b449a27c319dd2c0cd5029f4dc2da12a8a2840e

SHA256
eb4346a24203b74bcba46eba3c847973c4512d5916cac9e43068d61388940647

SHA512
a84e01cef89d83bffe295ffde3f36f0c239cdbb8e58697a4cc563e475d8ceaca130603e8630af1b37ddb67353e548be3ae2dc30367e39234f603d99d87d608aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
1ec1d61465f844af0d7f24cda037ae4a

SHA1
0564cac23456a8cd894d901da4a3b02a3a9b8413

SHA256
279cf745b0afcf54016c874792fc6ae72aa0d6ce501a68deeda9db44bb3933ab

SHA512
398301288c8221e381d4cff7708612b0e9f00b230798b1bf2f6a90d75db2efee8d3f98b0f1405af561dee0c08ff2a1e723866915dffcd60ef91695dd003626e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
db8a375bd893095b46a87c0c2b03b297

SHA1
92f53ef9ff05af8cdc0abcbe10c178ce46b763f4

SHA256
e89d545b23f2dafd597759ddbdc806a645696b6c7cc3da6ce2762ec7729d39b0

SHA512
e24cc5be2726ffec1b236e9d3a3ee511c48953a0052281e8c617961b96bae652d69834cc96a40cedc2833e5189bd8795f8698f7e6918b56d3d23fe83f088deb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e4cd.TMP

Filesize
101KB

MD5
fce6e1c9e0db559f236a89b6a8e94492

SHA1
06a4682f71c99a7b2b3994985f20950272a7d868

SHA256
66b73117d13f63bfe8aaf3c34131e7ccc398c3588c69194d76084d8ce391d5a5

SHA512
16339bb9ff77d68ea317f438bba6c5bfd667fb387680349862a467393ddc7a7f541e9bfe703fbbab4113e769317504300052e2024e4dfa432d83e0ac93d35227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit