hxxps://click[.]pstmrk[.]it/3s/gamma[.]app/JjV-/v_izAQ/AQ/5cc7c694-71ad-4234-92aa-be87e1cf9975/1/t9shR3CfF9

Analysis

max time kernel
300s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.pstmrk.it/3s/gamma.app/JjV-/v_izAQ/AQ/5cc7c694-71ad-4234-92aa-be87e1cf9975/1/t9shR3CfF9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547333688185676"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2727153400-192325109-1870347593-1000\{ABD04B4A-E302-4DD6-A3DA-21DEC2B0A270}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3864	chrome.exe
3864	chrome.exe
3180	chrome.exe
3180	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 4832	3864	chrome.exe	92
PID 3864 wrote to memory of 4832	3864	chrome.exe	92
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 4132	3864	chrome.exe	94
PID 3864 wrote to memory of 924	3864	chrome.exe	95
PID 3864 wrote to memory of 924	3864	chrome.exe	95
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96
PID 3864 wrote to memory of 1768	3864	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://click.pstmrk.it/3s/gamma.app/JjV-/v_izAQ/AQ/5cc7c694-71ad-4234-92aa-be87e1cf9975/1/t9shR3CfF9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff849879758,0x7ff849879768,0x7ff849879778
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:2
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4904 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5556 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5700 --field-trial-handle=1856,i,12667268723866331186,18340778518370513106,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x49c
1⤵
PID:5624

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:888

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
3ea6521cab1102892ba7c75660e3b88b

SHA1
63f912eb03324a520e0f33a8f58602810eb9899b

SHA256
658f0ac99873ba35ba5213d7487ed3840cfab828149352c447d761391d9b8bae

SHA512
4186f2099670ae45f8cac21992a8168b881150cecca60e93e15e2dd5b572b12804d1c3d51a0ddaea4a06cec5611b547f7de6c06b017c2620b907c3d6b57dc0d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
43a3c549c232454ca4dee153c013b314

SHA1
18733e4514d1348b3e39eccc36b3423761d781ec

SHA256
f91f3887f77cc229445d3e4903d94e84f70f34e3e940635381f7642eb2d34752

SHA512
6d737dccfd03c251a85d9bfdc4a521526098ed91cc28b57bbf1f2aed08192a0f2e444ad6c938c8f0b6c7a7bff78dd1cefe3c1b409ad2d2546797ca4a0d110069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
542d33c87d736658ff34d0c1c2d889d9

SHA1
b6e777b188eb1821d4b559e0a3ce705889c511d2

SHA256
78f9ca4a530392081a3c67da35f3a844314871dded27f23ecd94ec2c128ddf90

SHA512
8c878582b0b5bfcc2a3fa2467fef9272e6fd796e556658ec35238fb9a69c6f1d4b4ed455524a204b36156be0d8d883b37beb0b311aa09b6e53b7416c4ae040a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
260048f40dad5d4d8cb3619c05695d4f

SHA1
1e658a3f41db8ccd1547e33a4711fe4e5677c339

SHA256
16fec7e837e4e894f0e481a00f92ec74f4c0c30095d44df017c442531de65cd1

SHA512
870af8d3e884f0715021c659f2af45599ce9712dd9cb78a3bd6233c990a47cd36363692a99e78948acd227bb43f86b771414b07121c7941f4983f615afd57e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
608b50952c683850406c3d83ca0ca100

SHA1
35eecad5dc1b6e34fcf06b3c0911ae3f34ae07bd

SHA256
8e1076756e463bd416eddd354c2a187f985b7fa564be8dd072beda2596225b19

SHA512
ceddfe6efe86b3bc88cb505a62fe00612104fecff6cf044d5f21a45fb239de08cf12bf21a775d8d1a52fb3c66938a900ec3719f6c217b0fb9fc2c18db05cd8f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cecff33fccba56185f42e1e96f548034

SHA1
8d07bc2b6533032a0299885420ebe66fcfb4a555

SHA256
78f346e97662de4f1c4151975ff2d4fe7a553697dad2f83eba81d27a194fdb2c

SHA512
286eea099799c5f0e044a8504fe8d3215e040e6d81826cff5cdada76bbcef2ff936fa090271df17bfd79fd4b61f4942864014cd16b87756ee4a929284b1e961f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9548ba1a8276c6b7b7bd5feb38cbe6d3

SHA1
746a5e80ebe596d2f3fe8b7131f9019f0c6ae1f3

SHA256
530225683be7b31f6a25b09573b77ae2cbf30f5a8f391d62cfd946a7e9615eb2

SHA512
a1db69160cd0cb72f74fd4fca59b121f6263b7a5f714e48075aab6e7fabb64afe7ed20deb3987b15069177b52831e01feed26b5d17d3b51fe451e78582a69111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8be9e29de17b3ed0422810cdfab1d4fe

SHA1
bf9bf8a21e8433e98c7010cef3269bfa0d8eab93

SHA256
084e998c8d4123663d5f334a11da46d72ecf155a56070cdf21517b00dc3cd29c

SHA512
b1229b3042c55722e7c6938556e00dbe98b22167a38d990a9442085c6fe4948c9d063875dd498160a798682980abf2b177fd71139962cbe59852f3da08dadcfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
58214eff4301be8b5c1f89ff683732f8

SHA1
25ac7e825bd5a0662a9719b00aa6356a57400461

SHA256
ae8db1519b1d114f932e463d014e006556a3dbf98e6386c31af008a0cd3bd683

SHA512
292c1b584babe69b37c707c1316e9cddd14889b9e82e6ffc038a096da1477f1ad2917c4cf02647c49b32ee87538e0a1a15fec8f7bbbbad98a5373cb4f878c9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5787cd.TMP

Filesize
120B

MD5
348ade95c1cfed38dbe216f8bc1327b0

SHA1
cd4838dad2ee959a87ad9ab563aadc329f0d1a54

SHA256
41090eb43e0b7f32423b01262ad8985a70dcfe99fd9ca9dbbbacbfc364980cc5

SHA512
2b9a32e8488d35432b196066228220f5735e52abbc7f5f32a7e6aef220880fe9b8ecc2b89b8f939f0fdd728153162be392f3c68238b49f43f975bae89daf4bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
57ad3fdc6da9f6447e685e64f33a818e

SHA1
5eafd560a03920df9af369a3486d2c8be252d02d

SHA256
0f05829a907c5bb9ba92c3a61e2bea01ff04a441c44158786474159e7d89852a

SHA512
b78c1ecf1f76973237beb0abcdb3da71bd53773e3b9b0ed1593be1db443ab894a359b0a1935fe31b4b7b2d9c8942a83ef64fb43009d69576705cc0779c605d2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1224-369-0x000001B39D440000-0x000001B39D450000-memory.dmp

Filesize
64KB

Download
memory/1224-385-0x000001B39D540000-0x000001B39D550000-memory.dmp

Filesize
64KB

Download
memory/1224-401-0x000001B3A58B0000-0x000001B3A58B1000-memory.dmp

Filesize
4KB

Download
memory/1224-403-0x000001B3A58E0000-0x000001B3A58E1000-memory.dmp

Filesize
4KB

Download
memory/1224-404-0x000001B3A58E0000-0x000001B3A58E1000-memory.dmp

Filesize
4KB

Download
memory/1224-405-0x000001B3A59F0000-0x000001B3A59F1000-memory.dmp

Filesize
4KB

Download