hxxps://udhdh[.]site

Resubmissions

19-03-2024 14:19

240319-rnaawaeg3w 10

19-03-2024 14:16

240319-rk974adh65 10

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://udhdh.site

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553316097952201"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4984 chrome.exe
4984 chrome.exe
4484 chrome.exe
4484 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4984 chrome.exe
4984 chrome.exe
4984 chrome.exe
4984 chrome.exe
4984 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4984 wrote to memory of 4744	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4744	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4544	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4136	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4136	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4472	4984	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://udhdh.site
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7aee9758,0x7fff7aee9768,0x7fff7aee9778
2⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:2
2⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:8
2⤵
PID:4136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:8
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:1
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:1
2⤵
PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:1
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:8
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:8
2⤵
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:8
2⤵
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4864 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:1
2⤵
PID:936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4824 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:1
2⤵
PID:4808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=876 --field-trial-handle=1916,i,15731641067303255692,17475214735808200903,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2588

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
369363d390987e8d4a977f24028d5051

SHA1
400893f4aef9465e5c63213000941f5296cd6aef

SHA256
fb562dd6f308bce13013acd5611c56d91a97fcab01f858c6637c84c9260d93a5

SHA512
44c75dc800fe44cfb3e4800766e25659bf5e6be320c555ec43a239a76ad5ed9899b45a364aa7244954bb4668603f852b04e525abfaddb76f174602635f7dbe61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
8ebc329f6ce95dc117b2039f1f68e271

SHA1
f995e259eda013556f404c842938ad2676779466

SHA256
ac6b2224200874d03bad7f2561f33e62cfc521d9b7ec18abe352d85c2eedd599

SHA512
22052517ac533f98964d933ed68b9a5127842ab12925739b3adfe9a659840f30f12b7297078cde6500a684db8281acf21157d6e7a45e758adf1da09e1d272982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
875B

MD5
8bf5b29679058d68c4ee227d0eb1219b

SHA1
ddbbffebb0899d1c4f07b000d39e2b4da6616b39

SHA256
ad9fbc5c31efda1f78e7cc7393ca95f6a08a6dda80a9159beea0acbac9df9353

SHA512
82671608ca8838de715ef1f064dc98128bd1071f10685bb8dbd5255bfd7d690e6fb7dc0337132563307a264dce169fc9aab81de28f585e76943a3eca7926b71f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
875B

MD5
d3c98d1ac09b4697406357eec5d1317d

SHA1
4049d01e2597a71d5bbbd69220fac59bc66a1194

SHA256
df2ac5b084902e928cada68549fe6b40a309bf0335fac5414fd7bb85c98d73da

SHA512
0cf78d814baab3dc86225c9b9db2e71475fcf878fa46641cb5e19c1dc1ed243737b2eaf94e707724def9f478e83072f0afe55e774f29aca6f6127b9e6e569a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ae260b7ccd0f75a7a674077f81606f8f

SHA1
f00bf849cfa862f09f97640130f7f337ffb180fc

SHA256
88a794c834efb6b80d329b896a8b8fffa7e7f25efdc529e1bfcb47402784dcda

SHA512
fc5039e79259736693faef245373bcaf671c5551ab0b6cb65ac06c9b92f25e054f88bde209e0c0bfac059a58cb71361c1c0bfc170999602ff93156dfe7b60c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
472210af70c195a75e8278c4ea48157b

SHA1
b376ed202d978cf9eab8238de998b35882bc4e9d

SHA256
70d0e16df5c8b58bbcf9cc52c18503558b745654ec09f8fa5caa2a9614213c32

SHA512
5e87996a85f55cdb059f9b85e221ab9cf41410e4e38b3244aa394df258c29442fb880d9ab11dea412a9f875c908b8b473729333f883631c51d9998503162b760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
39a5645049231c26aa60fa44a3938186

SHA1
0e49e4ba97855dcc925ecc5443867d29881800dc

SHA256
ed3c8f6e6e81deae69fc9f2182826790a49962bd22fd34264ee8433ccc3c0de4

SHA512
a759b39f9000d9d40f15e2f8fa625768c74febddd54dbf2c54d937bd48dd48642f6976185cdd9080a67e7ee1bb6016a614c8554103ac5e19b6bb63cb49728a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
328c16eb7a3c5fae7eb33d604016d052

SHA1
182d662f233a182dc6e791a3e6e7f6f9229ff6d7

SHA256
035b977142f332e9bbac81a9ee3d8bcc946eaa624dbeaf2a66eb513773d43d42

SHA512
eaa1ec443781fbb8a7a5436f493e83bef10a3b2eefcca4ac471791311e5b4876715e0b4d7cd54ec7fb86b8288dc939539d95673ba34e0af7f9d399cd3101f606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f378f367eb937bab35a06397ec80f549

SHA1
543e5fc409983d10687e0e6f7a369ed80c9b813c

SHA256
f0810dbfacf58dfaa400c512c7d27980a5417c2ef7df962de445c0baa80a1700

SHA512
0970ca6ec34de4e62dec75d49c155f722d165cbe6c4f549a0cef5d5082335b6114f14aadf683c1d783312929508815b0994de1f612172bd82bf216d0f946c282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
9aa8a962937078e67d05415efbcde4f4

SHA1
32546b38a992e242473be2a28d5e9c7bd5a4c5e3

SHA256
0dce618b68f003f51880a3142e19b8c603db5a170ffef0c97312273220667f7a

SHA512
761e3f7a9d09a171b39d4ad18eb17d704c080a33460dca4b8396f847e212033ad9bc2bc2ee810fd4d9c5f21cf8fe0843d4e96c4b7db46de717daae820433d0ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
8e93b1d34849ea22971785fbb0ea1fe9

SHA1
165de0098120c6ba015aeab1a00331f989197579

SHA256
4db2c7e0d0edba9ef0df0cc53a0de0ba99e4f8ac7021060e3d1d5197c0ef5049

SHA512
2806a75524c3126c52f2b1f0ab447c55e193781d02a295986493984868d1bf3e85914839291b1e2064610329ba7c40391928c57fc8e65b72fec84eab9821cae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583a35.TMP
Filesize
101KB

MD5
4f3a6b9185a523142d88a3ea4b9cf23a

SHA1
27ee793ae3eb6aefabff9b50ed0f5b848e808988

SHA256
58f204aa5e061594e573987761e972c700475f941266388fc82bf3b94f2466b2

SHA512
5f1b5952f58594bedfc03eea273d463761ee14768ba6f18d18ebbf84fd72bb6253c47feab0a1a1e73465d051bbbae0a22efff88690721d0f72a22d7ed3d7dbfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4984_VJNTMUBGQVCJYJRD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit