hxxps://hebesmart[.]com/plugins/red[.]html?email=peter[.]griffin114fg%40saic[.]com%0D

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hebesmart.com/plugins/red.html?email=peter.griffin114fg%40saic.com%0D

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

7 cloudflare-ipfs.com
8 cloudflare-ipfs.com
9 cloudflare-ipfs.com
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

30 api.ipify.org
31 api.ipify.org

flow	ioc
7	cloudflare-ipfs.com
8	cloudflare-ipfs.com
9	cloudflare-ipfs.com

flow	ioc
30	api.ipify.org
31	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587862216958325"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1372 chrome.exe
1372 chrome.exe
2092 chrome.exe
2092 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

1372 chrome.exe
1372 chrome.exe
1372 chrome.exe
1372 chrome.exe
1372 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe
Token: SeShutdownPrivilege	1372	chrome.exe
Token: SeCreatePagefilePrivilege	1372	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe
1372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1372 wrote to memory of 3256	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3256	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 1116	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3852	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3852	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe
PID 1372 wrote to memory of 3604	1372	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hebesmart.com/plugins/red.html?email=peter.griffin114fg%40saic.com%0D
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce9709758,0x7ffce9709768,0x7ffce9709778
2⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:2
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:8
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:8
2⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:1
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:1
2⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:1
2⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3916 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:8
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:8
2⤵
PID:3052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2408 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3492 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:1
2⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4872 --field-trial-handle=1868,i,10462938272404705930,10033315343544074210,131072 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4724 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:3984

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
a27daf3b5ab4d2afab343f8dd662c251

SHA1
548c9375787a7d4e9dc6f8caa3b2208615d64d98

SHA256
7254e26cedcdf702f8af8e815771b1bc9d819476cb80ac6d18a5e022e7adbf5d

SHA512
62149f9429ecad68cfbd333d7fb2a007c93c00e9d650b8f21515316c7689f451ddf0783d75e0a32281be7f98fdb68631026c6cfddaf2da804c685eb8e0080b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
c8b3076651fabf8f6fb0ca3e2853d68d

SHA1
ad70297d3787158c0ab6bde4859c464d2b67a470

SHA256
c18eb36d33a74d492ba03b23d9fb2f2d7eec88772781248935dc6e31b485a4ed

SHA512
23b40e85a22a125be821ebee8b931e2eec6a43929c034b1dbfaa6ea68e8dcfc4259a8f2e4c84ebd9e9d204509d6e98ffb4b692c45bbc2492edd9140e247e5974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
537B

MD5
797787a7d01b127eb062bf736a1d340c

SHA1
c6606b83d907915992c1dc22746a898c30dd75f3

SHA256
7f2bd45d083c0e3493160e2f38401aea27505f7645743c5061e87c4131fd3f35

SHA512
3ac34641467d68fa0b4c600d32d06c571913ae7a677b1ffaaebbc8748f0be0b36260651354e021080ff9d50e060a7e1df4585a8e45a4f6b590b9ff3434349921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
29eb16c98e749aa7f34cbeac86a3c627

SHA1
4e997390136ee4499b9a031311f938f3066a6757

SHA256
de603a1adb1a37350db5730e251e43515fde6e7c601029c7d4835d6890dd8904

SHA512
41e1e251af5f7a4830e0fcdbab0631c5616120465c02f6f96f4ae1112153bbd5be408a5b369a7286e317c8e98bc8328dfee1f3a48ecc40ae843248b005ddb69a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fa4629b98eafd1bd490949893044f87f

SHA1
dbe54d4d7ed6db4f7860c81ffb421e4e7c256470

SHA256
2b8f3aa5d11d7d7e4f34b9b780892c0091ba7f14b9a8250ce16a07a3791d9cb4

SHA512
18967fd4f11eb5c535fcbb70279aeff5e551d451936fcccbbc9cf0883daac29c96cf02578df911519fb97550d57b2c7c846cedd61bc50e831953e74fd49e8d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d95221ff1945c7386c9e32c48daf18a6

SHA1
aa7b5d5e26973b887d04009869cffed8b63b8a3f

SHA256
e8b402e0a4c7cf89563aed40b907824844fad1b1587b430f044844c1898b7f63

SHA512
70cbbe5464c079ebffd21543b62a18f4c3bcc2d50dba4809249bfb5780f8bf4ec1ae5364148088b96e77f18eb644ed31aac87b9bfd2a2888c59d665e2ad64be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0f46efaf6b85b4afa55b4fe10c4a0aa9

SHA1
8f33f3598a987c8dccecc7436ea66a738bf482a9

SHA256
39704bec4139496c1641c46b7bcef740b2e4e51cd7bb72222b08cbcc0a0d47e3

SHA512
65b775734d3af9024fa5b1308dbf1b9b365dc29ac475866a9204e9f22b0400befd78834eec7d6f32cdb2f2ba4347d90e54ea06573b0f3f493bfb37b023503474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
63ef8ad6a6dbbad6bb1d856bc45e90c4

SHA1
ddad171d555f8127c01536e45dd1a36848f1d12c

SHA256
ab44ac670b716d26f0219f96123186edb4224c7687fc0ba81a150e1117115311

SHA512
375b39fc1315d50c4983e3b584570069732ae2923fd53c59af0ddad271d6a830573af409312f62116880d8835b24e72fb9792f36412fa5e4f157211f9a5959a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
5daba12318a725b31c11672f5b876a7e

SHA1
0fc7eae0672cd1842b7612717b88121294d08cd8

SHA256
2431385f43811d2f1a68eff17628eb84e971f78d6d2cd08e4d8ce1f8c86494b4

SHA512
728cd6ae4b4dbb5dc7a1a0890a1782efe4e96492a6618cde72d10680b4858017eaecada33dfd28bcdd2167b9f5ddeb53afafd0d9091571c9da0dbea11021884c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1372_UXZUVGLKJQDOFLXP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit