99c661d09ea5f24600aed11372294b43f05f45738d1e2c7e4d3ea3c16f5d47f1

Analysis

max time kernel
600s
max time network
584s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

home.html
Size

54KB
MD5

e3e9c9361f2d5c83d0b60bf235d9d02c
SHA1

d93c624443f7895127cc1b4a32c7de11b24a9e9b
SHA256

99c661d09ea5f24600aed11372294b43f05f45738d1e2c7e4d3ea3c16f5d47f1
SHA512

7d7c49c53514a78f63fc831036d18adce103dc28ff0e86edddd32115d8ca37427aa36189682b0ba2a753582fcb02c6bf7d857c1685f04ac6308f131c9965e9da
SSDEEP

768:5zlEm8L7wez2zltAqjkbTMW1Qrob8iyvdciDaiAFFS7fnLH:5zmZ8zkqjkbTMBEbIdc4avFY7fLH

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
36	sites.google.com
38	sites.google.com
39	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541703432650123"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
3092	chrome.exe
3092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1460	1948	chrome.exe	89
PID 1948 wrote to memory of 1460	1948	chrome.exe	89
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 552	1948	chrome.exe	91
PID 1948 wrote to memory of 4580	1948	chrome.exe	92
PID 1948 wrote to memory of 4580	1948	chrome.exe	92
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93
PID 1948 wrote to memory of 3472	1948	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\home.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb60569758,0x7ffb60569768,0x7ffb60569778
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1884,i,4608950620839238721,15242941384699337948,131072 /prefetch:2
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1884,i,4608950620839238721,15242941384699337948,131072 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1884,i,4608950620839238721,15242941384699337948,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1884,i,4608950620839238721,15242941384699337948,131072 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1884,i,4608950620839238721,15242941384699337948,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1884,i,4608950620839238721,15242941384699337948,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1884,i,4608950620839238721,15242941384699337948,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1884,i,4608950620839238721,15242941384699337948,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=912 --field-trial-handle=1884,i,4608950620839238721,15242941384699337948,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3628

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1380

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
aa7b2ec986cb15f95fbf542051301fc1

SHA1
e8f13954ef6855d0819274632732b9294e6cfbc5

SHA256
06dc955f0f7b9aab7c9956a7bf678eb50685e31a0964b513088b2559511a4fb9

SHA512
5c20c477abadc7897771c2a48efba6d4f3e33fdbfa82ade0fc58bb8af8894bea05518f9e5e6c581eb151f6f97cc9b668f0d888069e9d0640fdfb435bab47a862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f7711455199e0deb7e41915ad3c5fc48

SHA1
59b0d2f5abf94a7f95ee18b9e57a7596927777dd

SHA256
5dfc305c36c7cadd3c86a31e10b2cbe5d8a2147f1a167f6a2e6866d33894cdc2

SHA512
c5a61096f6a50504735969a8405b05026ccee01a441ae9eb4e733dc85c747c65cd03d2581619b3182b0b603f531963d047ca5ac0be0742df22b444d99135942c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8b3fc3a1aa78ce4ed4fae13c9fbd1edc

SHA1
3b31d2bbba200d379ef776c54181bc9cc42a0282

SHA256
f6e008f9f3a984ff41e7cfc35fbee57f0f01fcb8370db79c4a8fcdc539f74ca9

SHA512
fb2383869646e313361143b75f5f3a73bdacd6dd4093932ba27d9001f97b0ec3b61fb55cb4510b9e8b2abd25a144276c2c48a54e5a086533b63b73d7102b72e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
59e33a05a5eee2d8b9ce9a313b4a7475

SHA1
d7078ea420f7b451f9f19964e0f995878d4db74a

SHA256
f851abc82a3fce7719d9fce6af36d57338e2c355e2d07058ef6f8f33dab47442

SHA512
37be4e7154cb8f970116d8c731ccf62bb1eea4793e61aedf0c5900c8ef724a944994ffb3d96f66627eef42df55221c51cd5be493d170066142e4afbb70b94d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
15376d5e06883869c71b4e7fbdb2104e

SHA1
9c6b0084d6f1016458d148f4a2dd4ec7c6f9bfe2

SHA256
47021cc20ca088f0a3eb5f4c0774af27e6293d9a184ed281485c53add7960667

SHA512
5bbbb6ae93447c03425741763a4fb24bbb7d72be9ddb3c840e30d4edccf94ea382b13485fd29a30f3adad6d2de07e10533fbb367d817bd2b7f2205b40836a3e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c00665d6fbe60d7f064cfb5cf18480a9

SHA1
895ded1a125499f2b9e820bbbb4a0dfcd5732520

SHA256
4adabf874c8f0181fa0ecd58c34f4ac594bdfd2d01472774291a509dac8e4370

SHA512
ce1d7b72c27f10e13c7735a65712d9b81a6eb0ac6463dd304ae1b2b5fc966b1ab2a2d4820b5d10b57cbe1edb1578e23c2b2c54c01d07b85b66ac52236ee54e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8237426f9fac98adfc22c509a3728267

SHA1
d7453dc523c337059c2c3a3a76dde5228d4c5cb6

SHA256
15307f39360b0e1f6cb2a025b1d09556460d67b2340cccf1d913a0cd996744d0

SHA512
beae56d79ae64a77ad0fd6ffb5ead66cb7236b80d3510e534a17cd239f7f58fd1469eb9c6781e5f96a6e3083c01224afd3222702a6aef324a5d003f9747aecaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f4010f479ea8edeae3970bebd3825cf4

SHA1
e067de7f04425fd4e1186a6f5f5637566ea611d2

SHA256
ddc027ff1c542a03b95bee591673d2f0d7311c24e440c3d4687cbb86790fec14

SHA512
5758c8399cb1af77548e49bd578524d78f8e3985ea4c41be11579161d51a472efb9456f6b2887135bbcc27fc1c88ba513911a3389f2351b21d871493ffd715c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
6dd2c15e6b3d2db050851cca3b08558d

SHA1
0978f7b551eadd3656598d2ff8efc95ffa5356d7

SHA256
45fec194eabbf635da9ce18a939b1f9ecab29bdab0f33491ea08a1312f46dec3

SHA512
9ca4c3db462e79329f4b0922bd78aad9ef8acd78bbc1f9ad34e8a113ebcb9f4f10e78255c25f50ff5fb0062913db1df796a5e70e6edcc851f8f50fe4370817d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1240-125-0x000002A45F4B0000-0x000002A45F4C0000-memory.dmp

Filesize
64KB

Download
memory/1240-157-0x000002A467920000-0x000002A467921000-memory.dmp

Filesize
4KB

Download
memory/1240-159-0x000002A467950000-0x000002A467951000-memory.dmp

Filesize
4KB

Download
memory/1240-160-0x000002A467950000-0x000002A467951000-memory.dmp

Filesize
4KB

Download
memory/1240-161-0x000002A467A60000-0x000002A467A61000-memory.dmp

Filesize
4KB

Download
memory/1240-141-0x000002A45F5B0000-0x000002A45F5C0000-memory.dmp

Filesize
64KB

Download