hxxps://google[.]com

max time kernel
263s
max time network
270s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133550558193689629"	chrome.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
2664	chrome.exe
2664	chrome.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe
Token: SeShutdownPrivilege	3696	chrome.exe
Token: SeCreatePagefilePrivilege	3696	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe

Suspicious use of SendNotifyMessage 57 IoCs

pid	Process
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
3696	chrome.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe
2548	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 1472	3696	chrome.exe	84
PID 3696 wrote to memory of 1472	3696	chrome.exe	84
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 4488	3696	chrome.exe	90
PID 3696 wrote to memory of 1064	3696	chrome.exe	91
PID 3696 wrote to memory of 1064	3696	chrome.exe	91
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92
PID 3696 wrote to memory of 1456	3696	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3c879758,0x7ffe3c879768,0x7ffe3c879778
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:2
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3096 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3932 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4932 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5024 --field-trial-handle=1896,i,11368110284949815498,8908245335704290568,131072 /prefetch:1
  2⤵
  PID:5564

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1856

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1a89b907-bc83-468c-b51f-0e7facd2a086.tmp

Filesize
128KB

MD5
4a1dec0c7b56cca056de671e6dd5f228

SHA1
17d7d773a1a7e0f88b96d497238bc75676a2faec

SHA256
d26d324ed6a7f2f061cea4b5566c0fafa63166de29bafff47e0e89efa7e76139

SHA512
5df2220014eb31b5954dadd335268ee9164a0e9f6af3df800bc6a32ebbdf5ed6b4679637dc638f1a8a235df843c45dd918545ef793e6c31265a8a59c67eca84b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
198KB

MD5
06d38d9bf028710762491328778f9db6

SHA1
83e1b6cbaad5ca5f6dc63453da324f8df28de193

SHA256
91558d69c027808e375e11c80166dc6ba245fbcfce715c9588decc55b4a33dad

SHA512
b197e5f92add72688396a07246ee9842a3b0de36508aa57f0254531cb109c77d0392e00ea28e006f9fbab1b8fee9b333998946de47ca7526b631e8c810780781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f57a09c7b2a8a5e96bbb6150c358995d

SHA1
75de52cf1945df22548ce59a0717ddee023169de

SHA256
dc0fc11f2b29185594c83cd85492e6b99a906a792aaaf59920342f362cc28645

SHA512
5b6d2f54fb33d335ff1c73a36e05fa4f9ad6c5812a2d571e2a40ea9bba04b26daa0873514b058172faac1754b6b7f372d08c65397a209cad3bccf05688291bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a6a206bd5753635c6e5675944a3ea007

SHA1
fa2f94d5a5c3a495d96be146da975432f07d37de

SHA256
d8df84402a1e1f693ccd1a42fd2e1a1d934360a53013e93d8a64513198f7e7ba

SHA512
c01396fb921787ddf256070ffd73e7e6fd909cfc9ac182b059b3b7c49b8efccce6fc66ec8ad0afd05fa9d773cd32c3bd9a462e6ae457cfda218f1b9a32924516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
33510e41d25908ae8a739253198c7818

SHA1
85b9dbc8d9626f004180f14ac0476056cf306b0a

SHA256
d5d0a8e95de27bbba756a4530262aec6599883093ee74062e3ad9e20efaa8a0b

SHA512
3bcb3fb9f1be20aa3b1c3f2cdbfe754ee2b1da4c280bf39e50b4654c7d851c1186910571a764382cf0748eac728a6cf5fc8a9f38e64d4602f0a3e0e54104fabe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
72b42579fdba0b0fd296c7ee3aa0b661

SHA1
8e1b75dbfd80cfda052d496594909ef5bd229bb5

SHA256
a347b1d8e0855a684805ffef9830ff06a1150a0b6fe21f3f34199830a9241295

SHA512
7c86db21468d9a0f5627185d69fc5212370077e02c475f6e848f99ace9b71f4e30ceb27d68d1687e7b92b56148967223955028c248f1710d2f55e3b6aa9d8702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6b7bffde69f43766d95dd5eef1257009

SHA1
30fe94fb6ac7254ea11e13110ce9896b1e9d04b6

SHA256
d64eeeeca5c0ed8649116c3436d5496cdd982171eb99cf6d66bf26a610f026c9

SHA512
b673811e004f61d9caf1679dac57efa7d9da8511b747a7406a9dee088f009278d13f02a00ed0df256c5e6f67f4c843b1a52b8c7d7c4387bed02cecca494a674c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7047fe0d3c302bf6693a6b80525dcb0c

SHA1
ee8f544fecf4092d48b318f823abadf0eebc8e1b

SHA256
a4b85207bb2c9596cf868e14d69bbfd1fb62a81c027ae048dcc16b270ae778a7

SHA512
5e21f72795ad1f8a8f2b567b93a59ac0d2c49656342680656a0114054e25e49f5420ec76f916ec5d91eca21dab76463a5fc338409b3ccb4a328f70f84eca7601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
db6976a00572cd6821c81f9579eccdfa

SHA1
fa8ca8b502b7b3e459cfc527dbb8cb38bfbb63ca

SHA256
a35a29e2dfec991cd614a364694aa3835eb70b4014801357966d2ec1536ced0f

SHA512
849abeea31c57f86b2621e4c51fcd163cf321fc85ca746f3b671cf4a48aa875ef9e8b4f550400d2a00400365e867ac41b2c39ebd35a477709633b3239d50ea69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
3f62475a34488d7a716467a1058a076c

SHA1
90854662c255c86d2ad930f5857f2693543026f7

SHA256
4f2081ec06dc3cbaeef3eaa5a69bc86bf499a9065f81cee0332c51dbf90e2bfa

SHA512
537eb63eaea61ccf22333dbde7656d08d8f5bc7c2c512eb95a23451f0c240244e56193ff12155dc5dc47e91343255551f52e7a839a78d29e3cba294061546e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/2548-189-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download
memory/2548-188-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download
memory/2548-190-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download
memory/2548-195-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download
memory/2548-194-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download
memory/2548-196-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download
memory/2548-197-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download
memory/2548-198-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download
memory/2548-199-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download
memory/2548-200-0x00000248FA4A0000-0x00000248FA4A1000-memory.dmp

Filesize
4KB

Download