hxxps://ej136[.]cfd/w046

Analysis

max time kernel
1800s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ej136.cfd/w046

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573298568340553"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4960 chrome.exe
4960 chrome.exe
2512 chrome.exe
2512 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4960 chrome.exe
4960 chrome.exe
4960 chrome.exe
4960 chrome.exe
4960 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4960 wrote to memory of 4536	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4536	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4024	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4788	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4788	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4080	4960	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ej136.cfd/w046
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7149758,0x7ffcc7149768,0x7ffcc7149778
2⤵
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:2
2⤵
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:8
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:8
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2728 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:1
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2736 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:1
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:1
2⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:8
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:8
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2528 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:1
2⤵
PID:5008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1608 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:1
2⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 --field-trial-handle=1876,i,827872318166250850,15474838293800179206,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2512

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4092

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
456B

MD5
921c50ff52c925c72f69ecd9a110048f

SHA1
aafda82a8ee0e740f0fe9fe56788f7c41ccf6cd6

SHA256
7beb7ff58141dd83a1afcf0a94067b06d6187323244b321735c448704b871bfc

SHA512
a4f347bb5aafbf67203d705f07d627b1d1c850cbfef301fc5d474febde35e3b39bf4682c03e54bbfb7e3f5d4d0af5fc9c2a4e477dbf15e92c613b963817b5236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
fa7436a303a98f556f5ada9c42d591a7

SHA1
a4eb95ea9ee400e903449f20ca0ed9819e77c7b6

SHA256
52230df36c943632461a7af29455a5156ddf1767d2e998e0136001c632675a0b

SHA512
93f24dd179ab9c576fb4a9e730f7c7f274a2efe3c93a89348a9feab8597d45c207c2588916d5a6ff8c08202212520806bd0f3a79ea73f91611b67acf3169a88b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3f59c470-f8f2-4f95-8517-3801c161c15b.tmp
Filesize
875B

MD5
1775b6f360173e74fcc604ef75ec2604

SHA1
935f1e47c08b6bd91fbd256ec99a031aee8c0604

SHA256
efbd92686ff992d8eae9e8e5bf109994dae800df6cf5ed0b4d8faf7024041bf6

SHA512
8d8a8d1e7a26322aac21ff33540919a35aeed96f8ae1f04a0870c8f957bd80c1f0e07c20ce8036a4de16ac2a7a9914e6d6eee3851d43155ec4641886e2ec370f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
620f1bbd3dc6ea176858d2dacbf00c93

SHA1
7d78bbc2181b78940d117baf90e63650b23625ff

SHA256
262562515ec04a5a068dc8675361de5afed530109612ba140bf4ea1f49c3ef49

SHA512
805c142d8b0466885f91683e04e65fd01e9306432bd9e78b7a658072313200e2bce27bb49dc5d322587c061494502c2ecf1803cdf9e75ce4ed91f15b90c522ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
4f301d8fe583a2f7847eb5f749f0452f

SHA1
d36f72e1e23c0a670a95e55c302049a58b958164

SHA256
0e277e67fbd2e93594c89e25f43c15460563223f476cb2d5609156a962cfa959

SHA512
844544d1c3c4de7640e03fe0c15475607bab13acecd600ed0b83dfcc3788954da60c8d6b568f00190ab122f224a2e47765835f5c270ab2a19497e81fd5595dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
875B

MD5
06364d31952271a99c51100bc4d9b244

SHA1
6d8926c7a916f3b3e398450034af0fa8c00607e5

SHA256
276f4f0b06c5dd876a96fa7352a8d9a8fb4afac2d6e17ddfcbc6bcb8ad90252a

SHA512
7825065054729b67a2fae03b5879e6e7aecc6d97bb0273498bce2beb0ba0d1c0129d4678302b6a810254d63cdb15a91097c8dc12e81a2d5cc689ca733ec88f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e62c4cbf-8af0-41d0-a706-3cd3dd1a8e36.tmp
Filesize
1KB

MD5
e39967dfa1e8b7123233f5a0fd12ce5f

SHA1
c0c226c1cb372822a3337d6e32e461d1e4a39f31

SHA256
5e227fe0396e70b89dd9772aa44416bc2e3012f08d50dd6c6503ef6d20e68f7f

SHA512
d8b39d094601ca9d8cf16853ddcd2055bc08eab5b98a705fa54055d036914270e9993d4d99934dbb458c49c505b3c50e61a56cd6297fcb7c8b311c11afcb1847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
10KB

MD5
4e5c257e26f9759023062505b32d79e2

SHA1
fdc27143a543e05ab40b65332a70ccb10fde3e4d

SHA256
b6c2bbfdf1197a14c0c6ecbad80b6bd5fe119a047331b9779c48d60ffa2571f7

SHA512
77822e80d68d736a41da0207e35a0067b75a453a171d2db72af0cd9fb27db06ec581601ab4a85a438753877d548eb2043164f11309636048b9510f4fe384db67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4a8529765cac99d36f727780c3509ea4

SHA1
437235977bd8a62395469c5385e02736e77402a6

SHA256
ce5eaec60b19d358c87df65b56f2f8c81c916c0089b4eb0b8798ba5c3d82e952

SHA512
af041b3ba38ccdc22d0abd57517c9b1802efe4d5eba74a362ab990416bc5fac5b23fee1411ce3f73e3d1757036d52398828475d0966841a4c63e8cf8cc3dce38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
3db730a80e295f0bde3c9e95f3b75e8e

SHA1
3f11a33a8060440bc61ed43491eb769711979c0b

SHA256
32c94739960223b1388196a284071d45752005a351251c1cb4e22779f63ca166

SHA512
4e2440bc9874208c2f9248970822d7c57996111b8111f54a39ad0b93b1013bff57fb96135c0fa3bcad69705cb370789def5d9481f32b5d130ec767847f2b239b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
4ff0b439d6aa5df53328cb8b8bd584ff

SHA1
92b87868cc0e9a72acf511de0d8552878fe527d4

SHA256
cb7121d75c153eb8f4d8478b8298b86e92fd52bd3514aa9a56d41a19d2fd888e

SHA512
5989ba3dd6771ee86a85d45c7a10c34b94a54f63b5a644d8d6253e0c6c86f23db666447171e9e4e176e6c0444a5b0e44a9872da9ee5719ef5126a95c0bc8543e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4960_YQIYEUHKSWSKGSCF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit