hxxps://gift-catch[.]com/gift/activation/id=8682346868

Analysis

max time kernel
117s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gift-catch.com/gift/activation/id=8682346868

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133542074679673459"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

828 chrome.exe
828 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

828 chrome.exe
828 chrome.exe
828 chrome.exe
828 chrome.exe
828 chrome.exe
828 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe
Token: SeShutdownPrivilege	828	chrome.exe
Token: SeCreatePagefilePrivilege	828	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe
828	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 828 wrote to memory of 4188	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 4188	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 3264	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2660	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2660	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe
PID 828 wrote to memory of 2420	828	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gift-catch.com/gift/activation/id=8682346868
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ebc9758,0x7ffa7ebc9768,0x7ffa7ebc9778
2⤵
PID:4188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:2
2⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:8
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:1
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:1
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:8
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:8
2⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:8
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2288 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:1
2⤵
PID:1592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2552 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:1
2⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=992 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:1
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5436 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:1
2⤵
PID:3196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3000 --field-trial-handle=1876,i,15968420112638641540,10380917664842301153,131072 /prefetch:8
2⤵
PID:3352

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:936

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\84ed44ec-57d2-4718-8c8d-197a026a065b.tmp
Filesize
6KB

MD5
f11ff2ea9585aeb23688957dc5619bd8

SHA1
a094c0306cad9a33ea0fd5e1fcc185b29fcdafac

SHA256
e2a6f4087b67827cc9628d93ab2d6a2af47335e64520721f11b912f6b17d4430

SHA512
d58a5aa2d1ea3bd4b9c329f4e098d812ab1a3af0fd20614b9d5acb9cc4dcdf1e687a0f081354401886138144b32dd59ad3cc53f6506dc3a0270a4ff7c1973b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
6a7d73411821d13d9b1439a6fa645396

SHA1
9c0f7ed90cb8df4a17c9007bb9f7c6b503a9e262

SHA256
8e1cf4ce8ab0787d11a871f0dab57cbc3b2dc976c63d7447f7f9483c3de6312e

SHA512
87744f554587aacc13dde3a0544755ff1a17e9b13a6f218a1d4f49c58916a754f7f470dd6ad8a184a511575973d866ac27ef9c07a2cb7566f9a949fa96dc3bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
85f0e42fd1fdfc99b82dfd6c1a9385d3

SHA1
711b1b5ad86dcea684be50406da949f4333f22a4

SHA256
c59f3bfe9757882dde82a6c2c13d46340877723d70fd771e33aef2a56d251d83

SHA512
d9a51f53346eb93f00880b56f78249f01a8bb26b724aa47318bb1f57bf13d493b5e7efb603e452f5ed6c9b8d3251743601420b80cda12a5bd672efc4ed98157b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
cebe526625052554f13bf9e371f83355

SHA1
e27514edb38d706b335d045b8e9d95ee6d0a1890

SHA256
4cd8dc1d63a86478bd1375005ebe085be1159b61a19c25b66b20b143283de0f5

SHA512
c93f877d6ea1bf50a0c3f401f766932d1e700310591a5fe424824f163be24061192c8079a53b776b9a7857db3c9126e6c0c39994bbb78d5729cec36bbba15648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
2bfe37d10207e067d169cd7b26d7f518

SHA1
cad1ce8b2201ad954662f79cd152eb1b494f4631

SHA256
d1d3407e337dceb0241a60e91cb31de1b115db27cb3cc40cc70f086809fbb2b1

SHA512
4639a9c31876b808e32c4a2deef4b6dd92d28dcfcf2e8427c7c6a054c55b33223969fb688866acf4deaf800de9acdb86db0c553330bc8a1f1cfd3acd52adb905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
704B

MD5
7e348db1db99e64d5078061c815d4f69

SHA1
e42197cc4c53edef77a16dfd8bc40b3cb8612d78

SHA256
e6a2cea85dfd6ca186175226d12d936adf0ca8c626ceb3a4bc80dffae236842d

SHA512
e4f33e906df10053b7730feec6c93f6993a8348e0df973e012657ede51c026b0b6b1d8afb3196677e739dc51f1e20bcba03e3bfd9a8d3873503cfbc4e8c3cc09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d141e1bbd8e7de36328c1d9a1cce298b

SHA1
eef3d307e8053f0b9dbab59190f5c4de3375df79

SHA256
4b9cb5d2c02dfeea3fe7d21c05273aca5d43ac55d46f90e51980021e1137a13e

SHA512
ac896f967e54e4614e1c34c09b6c5e5257a872c8df9e1576ff911e3f0cdbf1b5d7a452fa00d39309e6327df8658ced0373a41b37b5197e51895036be218592d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
0fd086031c2dcf5bb8a28fa9fb85f62a

SHA1
cf7f762ee82aa5a7488d9ef294184557952484cb

SHA256
9e1996cc117b4d8ed1946c0884201d95883791e5aa66a9b80cc8f48ad1ba2174

SHA512
dc9fc1969b46b6d10886d06a42fb60580ae42648dbe8762f929b896acd70d0b08840bd7bca2d753178c95354d02ff661e1de983fa9a1ab6f31ae03d09e1a209e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
55d693e8e81c09a4fadcbcd8b0ec0393

SHA1
6f1238564145801d5722d214a985ba4090f99db8

SHA256
675067c5bc19a33780914dfbff898823d91a4963e652b0004bed74fb69a5f2c0

SHA512
c09f605f38c123ccb068f31a38e0f0dc1af07b61ea73e6788b5520abad97867b6f1df3d93c7f084b542822ea407d02ced1354de5a23ba81d128deadedcce1545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
0ca81d5a85f84ade230567b80879d09d

SHA1
d1686ad5b2e5e5ef9e2b3674976484dd2f4e286f

SHA256
56f98f59660ead96eafab7c70ab28d0902047db0a948ba42aa0fcb8e256552e9

SHA512
76f5771aac369c4a71a1a034f59331c18b2ddd87c4c5019940bb762b8c4977cf8a0c3b07ab3c2191f9514e015a4cedca5a0adab92072912fa5a6ae5c716597e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
de25acaa7ab412331cebc055068c7401

SHA1
29a3f7d4d7860cac95166ff0b770eb05ecc905e5

SHA256
d9d2a86bb82fff87801b67f827970bf4152a2e3813c12a566babc7dc4324614a

SHA512
9237d8735366e45ad200ebb8461a8fd2cd57d96c5600fa79b486538bb4d0d037f13c58c852d46332695d612b750ae5c1dba992091e4f591a563c4f413b4d3ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f2a8.TMP
Filesize
103KB

MD5
db50e1736893c21275bce51b345a707d

SHA1
d4addd140819a25359c497b741a5837bbb04758d

SHA256
f1eef587c17894d0a0a413622785bc695c6559a21e8479e9507a1371752464ef

SHA512
3881c7be9af6789139ea1eff18869dfe884a57251ab0976d282ba4ab138090a5b9b004717c5e566f34ee4313c3523a946f8891c80fbb0729a84f839a9ada2a6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_828_DJUWTOAIOPSUVFKN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit