1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
24/02/2024, 19:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

TGMacro.exe
Size

1.1MB
MD5

fd6ce55d0fc4454a0a0912997cb104c2
SHA1

703e2f81a950acf7e635ca4d008c1941cea33afd
SHA256

1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d
SHA512

b975ed80de6eccd069b49f09a6691115bdfb599432c79a0439d1c714595be556cd0e27b8e69fe6846e54eb079bea3c2cbd80d6b306c8b5cd9a20a1dd593cc6fb
SSDEEP

6144:7tXr3Ifz4PrJvnNVq5CCDymFEymFEymFEymFEymFTymF8ymFYRM3GWOTymqNi:75r3Kz4NvneOssssjajRM3BOmo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532765444308291"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
996	chrome.exe
996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 2132	4024	chrome.exe	75
PID 4024 wrote to memory of 2132	4024	chrome.exe	75
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 4492	4024	chrome.exe	78
PID 4024 wrote to memory of 2684	4024	chrome.exe	77
PID 4024 wrote to memory of 2684	4024	chrome.exe	77
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79
PID 4024 wrote to memory of 1676	4024	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\TGMacro.exe
"C:\Users\Admin\AppData\Local\Temp\TGMacro.exe"
1⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa31d29758,0x7ffa31d29768,0x7ffa31d29778
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4928 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 --field-trial-handle=1852,i,13903960754972508350,6578758996168574203,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
adf777cbc828e58afc28e32906972ef3

SHA1
f14a07f09c4c2a4db1b30ae9db14be660ef8c827

SHA256
2761ebfd9424ec7b2c35abfd621399493b9c6326426bada9cc09300f4e2cc3b4

SHA512
096d7b7324437706834940fbba1396bdf934836cfe0aad81cbd3f010f1d9a1b774d3fd5504441d9dcfc20bfa2eec692dc26c2a1a16035a7a0eb17e11e39a6ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
041455201f8cb15dc0eeecd6c07800f0

SHA1
e0e7088c5ee9a73a5e914eec07217c4217254a67

SHA256
7a662c02870d9c9cd8c6d021e67f35d8c0171ad39562006a191a9d888c623165

SHA512
e43f8af8530104bd8581627dfab08209d0767a8332101c53e47d154161537aa764a8ee1e24a6a7a5c2f1b130727abb9721a02a16da4d5bf304c7ac21908ae94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5738dfbfb2118a7644eb533a702fb06c

SHA1
b4371b3f8c7a703da244258bb0fcd7b4d3c922c4

SHA256
514d7c1310485f7d3936b55e93900db58fb8c8c8021f2ccec21db2b43f492949

SHA512
a5ce8396a1352d8ad70eb24d74f948847954bbef68c0d82525f7940eaf3812db58e6b9b681b67ef70552b8f03897b5228e48a18250be613f7338256b5fed7d44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dac17262291847075fcf64b759612b58

SHA1
a0f59460b70d21ed95bfde2cbcbba9324e1eac76

SHA256
a1f659be37f40cd53a05370368d1c942f8551c8f1e8980047f6e60871ea41292

SHA512
960f5b91087d42285a5307c143ca3bacf39866023c64778d4dc72776c8860f31de2c28624d84743b3c1d750bc4d9a5ad9f85be0edc9238adfe972321806cf3d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
1f7e0ff5428e42fc980d3237afde659a

SHA1
ac1331dfd86c05f2308cb5ebec5f43631eff87f3

SHA256
ff13a1abde1092b404c50891381afed3d577ba9190883f58ba687e42a697e514

SHA512
de122fcbd1addf3687ca33902d57911ec22d2e4bf777581a9195c3fffebd27e6bb3ab9381ba8508dd1de4f4e823134955da351802dfa3c14e8c480b1a02e1a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4296fd579a0f867eea77b920c0d569c6

SHA1
8af4e8e9e5407c0fdf9f7747a30348fee7aab8bc

SHA256
dab316f2dbaae3642d300a72da9791d38622986088d3f13dcf16d439ddfc68f4

SHA512
35f2dd75fda50662ee4514cda7a1b10d519571e3348860e1aecac7bc0c5b6f01c61bbe93c08ac7fd817e15d05a6c9a6191491420326fb36d67dc99abb4e4e365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
407ec9e902fc29f10f5a7d311ed6df26

SHA1
de1499bd2751686eee20565eaa037cfa4af1a349

SHA256
6b5fad34a99fa2a6770a584dced3a49968e4db5441239b9508f79a0fb7b794ef

SHA512
e8fd4e0bc2325920af34f8f8af9b57bf3392be1e2e9388fb8782cbc30480ec3bd23ad5f3958635c66f584eb08b9ab9fa8f83799b7e1da062a544843399b95601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82fc3e7b529414e903c03d9d265a5321

SHA1
1f3c2cf47c798dfc493f98f0598db191cbbd3e5f

SHA256
bde00a489bef66548b3680d9c48b4a79bec90e3cf9bf06af2100c10b684519ea

SHA512
aa083f27dcd5ea06509083d6b8514cf8d6fa2a1e9a22def19b97a24ac70176ab7ab1a0518f414f5e3790a4496c1c42ae67ff2daca4cbb72f715c6c8c959bad02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f120f009e2f0399968212e091bab0cb6

SHA1
8d5c547349e8a3577ba3bb43fa1d4a7b3cc3fe7d

SHA256
fcaab9224531200c04cfba77413aa0841fc4030cd7380e1546e2ee3a02bf2190

SHA512
a60ae8a948422a34b2f2cf8e641a0ec886d1fc7d02aa1c202d0d8d626fe0626991503f92b3298e26e96341648558436422752086fc6c19b91167e832d8631b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ef8ebc82638c9e1961bdb0db22d68668

SHA1
5ab994efa7a646ee9036d0d3424796c995e2dda7

SHA256
4e1fa0cd1864520b4d43016fa74040ca8454b8e0cc51ffd2eea65d01cb7d8019

SHA512
71cecd8bd7674247f327ef18206a0a8353f5443e9fc1692e5327a6f306f5bd55115e3eafdef781f5a6c23ea3506fa7e126cd7ec0a0a2de6420dd1e31a549c1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
8c420c05d73f8035bbe00a9855217cf1

SHA1
8ce86487f8a50c1ed6fe312968dc9344041257b0

SHA256
81a60917620a2270e31ba4d369f2ff225451d8e8ce6453e0fa23f3f64186e9ed

SHA512
e3994abec3bcc64c20b7e7fe4ae006489905b2592c078ea569f349ba927266a6dd5fc48e09afff38c4a373863ad1766ea8006b3f7c063651da9724fe27052457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3264-0-0x000001DD33FB0000-0x000001DD340D0000-memory.dmp

Filesize
1.1MB

Download
memory/3264-4-0x00007FFA2FD90000-0x00007FFA3077C000-memory.dmp

Filesize
9.9MB

Download
memory/3264-2-0x000001DD344A0000-0x000001DD344B0000-memory.dmp

Filesize
64KB

Download
memory/3264-1-0x00007FFA2FD90000-0x00007FFA3077C000-memory.dmp

Filesize
9.9MB

Download