hxxps://xx[.]oxcg8[.]ru[.]com/[.]xn/drive/onedrive/safe/index[.]php

Analysis

max time kernel
129s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://xx.oxcg8.ru.com/.xn/drive/onedrive/safe/index.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133561948764692222"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4768 chrome.exe
4768 chrome.exe
3960 chrome.exe
3960 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4768 chrome.exe
4768 chrome.exe
4768 chrome.exe
4768 chrome.exe
4768 chrome.exe
4768 chrome.exe
4768 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe
Token: SeShutdownPrivilege	4768	chrome.exe
Token: SeCreatePagefilePrivilege	4768	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4768 wrote to memory of 3924	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 3924	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1960	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1976	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 1976	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe
PID 4768 wrote to memory of 932	4768	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://xx.oxcg8.ru.com/.xn/drive/onedrive/safe/index.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad7159758,0x7ffad7159768,0x7ffad7159778
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:2
2⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:8
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:8
2⤵
PID:932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:1
2⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:1
2⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:8
2⤵
PID:3840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:8
2⤵
PID:3752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4576 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:1
2⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5104 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:1
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5316 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:1
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3060 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:1
2⤵
PID:3076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5096 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:1
2⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:8
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1884,i,2062677338614159595,13505747722960603843,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3960

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1440

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
652b21e3217a978948ba7be17ab7e6a2

SHA1
e903aedfb4fcfea305291b089362352ad40cd647

SHA256
dc9006417392be2ce6eef179e83df8ac7f0775900badd49d6e04bc24eeb76e04

SHA512
c24c2db0f2e77097ad41e4e6d91460ad6322e52ec560f4b87825eed23b250b9c8be19cb3228074c299e0f796e1da5b87318e94f844990e93485b1f41bdd6df89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
532B

MD5
97ae508ee9bf6d7c880a8c52fb54bfb8

SHA1
2fefa86b49dc295b101036fe3f1ae6421466c202

SHA256
102a662f1dae2e1710da03d43e2d99eeddda0c8e4f0cd251e4c79a6362db90f0

SHA512
65a6a6b817b2de42e2832b7c15139b76d6cfee881760044575aa1fd6f8747de3ad18a69a8054a563bf20b5b37e629e34790b3ceb01c7f9b7433d1fe2e4802068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f802a47ba4d4f090a46c17e695a1e2ab

SHA1
cea06d24d70f75016c6b6d47a53aa15eb04cf106

SHA256
5c3e83273d53fc3f6b01460858354cfcb9937c707fcd1345b2b92a7f94f5db0e

SHA512
dcbf6b29d1e11764d698d33502d045ce6ae375a06a933987f0f904fe8d00e4678a2f7b8f138d22052310afae8c5e43aa1e6be82908c5c57a2d970ec1dc528afb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
99c6f4481946af54d877093daf1c0f97

SHA1
cac0b6abbd1954f52797fc424b858ac12059d9b3

SHA256
4bb5d91b3df6b9b166a57cf1084065301dcc76b668055ab0412f2cd4d7ea9cd6

SHA512
bba05cb9fc949c72b96add670635bd74a06e3f83cc877480f31d9e923e13105d1f5366794b95c9da165862d0b047d1ba842819aebacedbda06e647325388a9e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9ac9594c33fb5c4109ac2c439abcb808

SHA1
97f58efc231cb61f10411e7ea759311e61037f8b

SHA256
5f6623d416f610acdd314599a9eeac5a3b5cd1fb4d62f17d814c0fcf3a6fce03

SHA512
e86f212fc8ecf52b170a5bbc30455b6442f2cb1b3092ca82203afc5fccefde3fb3ec09f7d10739e3fbcd587ff18c775ce803d322c73982430eccd1895a8c087d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7d319178491722771bc060d5b1553dca

SHA1
1658bbe5e48abe094690fa8375b083f8e9915fcc

SHA256
7726da5704b2e367c0ebbfe8e9fb0d667749e911343a08dd4f60daee632e4679

SHA512
3de95324f85c50be58185c1f502b0b5154eff8cd2455a290be5de96e35e9171f411c6f7387879ce466c95e02fb47de3d529e16c546365dbe153550bb8fc7a901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
093cae1823ae2a0d62db54833c9b8460

SHA1
3159191a39b99444a15c24100474e9f06c523682

SHA256
d9b2fabd7bebda89d85e6e28b216694f1f44de424b3ee2ce8028c88bfbcc0b19

SHA512
d194afc94c613ebe13f365f1921f75528a6e0aa532d1f28a11481a5640e6549f265fc1bcd01281cc2d759e47c44d586b18abbb55a175f29e453efd30b8efb006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
b18ffbf2755c2aa22d76c3ded17db137

SHA1
de8c4dc69f8580c1e4727675bc82ae1b691992f6

SHA256
f79f733ce244257d810591025cd583d451bd8a0f6890f8fad48b8eb4ef677789

SHA512
e5a6536febfd6dcfc1ad4e706c8fe447e76e9694bd8db574f7c4edd48628cd63f205795187777057881e687d07ba0c7ebf3268959cf77b5edbc25021af4cbe11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a92c.TMP
Filesize
97KB

MD5
dfe4916e1482a67ddf5ea4ef7d354e05

SHA1
bc7a1905f20e8013b69b409410f5588d0af75df2

SHA256
ffac69669f6e09717092fc71f929c8973db65c5f44ae458ba3c48bbc4e65be6b

SHA512
41daa3c7212118860fbc8d004e637e7a7b60b927b5a9b991b9c778c1fb068b1495f1f89e4a95be8eb2034d9ad7c574831a987f2e11d73b8449bde4e752069311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4768_ZCDMMWQPPMGLSWRN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit