Analysis

  • max time kernel
    517s
  • max time network
    518s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 01:10

General

  • Target

    https://orfeo.minsalud.gov.co/orfeo/validarcorreo.php?idenvioanexo=MTg0NDEyMA==&opt=2

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://orfeo.minsalud.gov.co/orfeo/validarcorreo.php?idenvioanexo=MTg0NDEyMA==&opt=2
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7cab58,0x7ffd6b7cab68,0x7ffd6b7cab78
      2⤵
        PID:4268
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:2
        2⤵
          PID:1600
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:8
          2⤵
            PID:2652
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:8
            2⤵
              PID:836
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:1
              2⤵
                PID:544
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:1
                2⤵
                  PID:3868
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:8
                  2⤵
                    PID:3732
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:8
                    2⤵
                      PID:5056
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4508 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:1
                      2⤵
                        PID:384
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3428 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:1
                        2⤵
                          PID:4720
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:8
                          2⤵
                            PID:1620
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:8
                            2⤵
                              PID:3732
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:8
                              2⤵
                                PID:3424
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3920 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:1
                                2⤵
                                  PID:3188
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1868 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:1
                                  2⤵
                                    PID:3112
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2428 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1604
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4668 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:1
                                    2⤵
                                      PID:3908
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3444 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:1
                                      2⤵
                                        PID:3104
                                    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                      1⤵
                                        PID:4280
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                        1⤵
                                        • Enumerates system info in registry
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        PID:1080
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
                                          2⤵
                                            PID:4020
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
                                            2⤵
                                              PID:1444
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2520
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
                                              2⤵
                                                PID:4528
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
                                                2⤵
                                                  PID:4392
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                                                  2⤵
                                                    PID:4332
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                                                    2⤵
                                                      PID:4616
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                                                      2⤵
                                                        PID:4524
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:8
                                                        2⤵
                                                          PID:2900
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:8
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:1644
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
                                                          2⤵
                                                            PID:4860
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
                                                            2⤵
                                                              PID:2392
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
                                                              2⤵
                                                                PID:3828
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:4032
                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                              1⤵
                                                                PID:4860
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:1876

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  3c565c2c2c91718d8402170ec307ea2c

                                                                  SHA1

                                                                  bd2323f07b93cca4e4cc88b6d426b2dc6d644427

                                                                  SHA256

                                                                  8d1cc59e99da79a9181ccf05ed7dff94e456729edacb1533c97220a482ef46eb

                                                                  SHA512

                                                                  4afa07932c08dfd97a7e64a4a5f6955e9d188eae65473a96a9979910919b4fdc2f7813e3266087bc0eec3ee6936e99be9a88a66914a56a3b54f1d94569256216

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  d751713988987e9331980363e24189ce

                                                                  SHA1

                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                  SHA256

                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                  SHA512

                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  7KB

                                                                  MD5

                                                                  c2e3893663c1410ddf17d19f77119cbc

                                                                  SHA1

                                                                  4b94f90fb661c300b0fca0edc6aacec56aea8b7c

                                                                  SHA256

                                                                  14c3a37a7d00a39f3959eac8d9aa8abbfcd66543e1ba2f5096545900e04c04f6

                                                                  SHA512

                                                                  41ddcb97d9b04af27b4a1ff506d9421bffca6d3e935004a6ec180a82bdab0efa3f68f3cd0cd10252d804f35ebb3bd11c8ac877541a149597ec27c770a0a1a1b2

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  57eac595541104f109d0766615f74786

                                                                  SHA1

                                                                  32a87ca8b8d710d50c088007a25ce89b1aa6c083

                                                                  SHA256

                                                                  ace126cdc7d4eb0f14c25a5c7ffb9a88f6163eea7565e2e1cf7b938428d8016b

                                                                  SHA512

                                                                  0f4bd390549d27d681cea5d4151aa4bafed66d59370f3d96519ad00275197caacea1b2bf45e48232dfa9e63bc22933fb51ba31b7da6e9b13a56fcccda8260214

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                  Filesize

                                                                  279KB

                                                                  MD5

                                                                  57419d9b78c80fe7c010cdda725394b3

                                                                  SHA1

                                                                  4e9bc26fbc48cc7c2892e8cf0b7d97436c55570e

                                                                  SHA256

                                                                  018abd4d82158d7953b4412e3dd3af516763b86187521a576f3fd01b98d2eb22

                                                                  SHA512

                                                                  bf0ec078dc2199f64b2676fdfab566e5bb13390cbe2f75bd60381b8034d0e20b3ca1aeb260ba84327ddd9e8ea09771791e2a7534dcd220d3ab897d32e75c478f

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                  Filesize

                                                                  257KB

                                                                  MD5

                                                                  cbe9644f45afbf3fad739666cda93ab0

                                                                  SHA1

                                                                  51066e0d9e7d9116236633679599ee9eea2080b3

                                                                  SHA256

                                                                  610a89f92064e4f25a55c7bd8912325637b1a5971388eb498860ed4f0fd2cb46

                                                                  SHA512

                                                                  fb064395858f470babdb9d85d636402278a2c9f9eb5282eeb9b061bb0cf06e0562ba72d65e69ece401978d6e965e0f64c62b488f4c992dce100134a842e496f4

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                  Filesize

                                                                  257KB

                                                                  MD5

                                                                  029545377f6cf66baa5dffed4153298c

                                                                  SHA1

                                                                  d6a1f3161f3613a2fcd28dcb119b4b4861fb86f8

                                                                  SHA256

                                                                  40762a3e89a9a72cb0fed7eeea49f54366b74a022ba69dc772eb13e3534a2b8b

                                                                  SHA512

                                                                  d35825a8a50ba08f2525f8bbc2894350375f52990ca43c3000f7b2a935777450fe42b5a7da9345e9a60735a30f651a2e92d12a11f87a686271beedfd698a1936

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                  Filesize

                                                                  257KB

                                                                  MD5

                                                                  0b014cee8dfea1e3ec61a99801c4d4c6

                                                                  SHA1

                                                                  c3dbd6d59c406c5a309ea235acb7117018e9a5ab

                                                                  SHA256

                                                                  751ca93e7f9b5b9b2d2f5df8c94f4847ec690a0ca4c1f0ff8362e4c117850649

                                                                  SHA512

                                                                  d488b2fb45e9773129a3dfddc5baefb389b3bfb95e3f53a6b32c4eb598808e5ff5d4930b4c79a2e5b169add776613e6bf97e53e67ac67fb1d3fe6084d47d0203

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                  Filesize

                                                                  91KB

                                                                  MD5

                                                                  6f65a03d9fe300acd917c8c1dab32175

                                                                  SHA1

                                                                  8c2e53baea6468ae5f892f519d5ed25ec98eab8f

                                                                  SHA256

                                                                  f227073c24b6bc1018139f3d99a0de18b40db43026b64f4ab841491d4a64fa91

                                                                  SHA512

                                                                  21380d76bf7aa506d17901f976083d92b7a4bedc45bedec869bd28e1f636ced3b67aa8bcc320f9581e1bfb1039db57a48c8a0972d6e0cbcb1a93f1c1ce11e9f0

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581299.TMP

                                                                  Filesize

                                                                  88KB

                                                                  MD5

                                                                  d12b457bd96dda70a0b5f52850da9b2d

                                                                  SHA1

                                                                  ee373c9e6a5935b77e251dbae55b391029db2393

                                                                  SHA256

                                                                  5aa545ef4aadc43ea45c9c776e8b472d41ae5b62db3e3f232dde9f1745fcd21e

                                                                  SHA512

                                                                  1d7807d1f9bbb3f5203a1c654d38d6d724d6c321fd2be1693a7b1b20ca7ba72215845dd5e35420968dda9c9f783d7bdfe3f2b9d1977aae5ff4ab4ec68a8d6f31

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  612a6c4247ef652299b376221c984213

                                                                  SHA1

                                                                  d306f3b16bde39708aa862aee372345feb559750

                                                                  SHA256

                                                                  9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                                                                  SHA512

                                                                  34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  56641592f6e69f5f5fb06f2319384490

                                                                  SHA1

                                                                  6a86be42e2c6d26b7830ad9f4e2627995fd91069

                                                                  SHA256

                                                                  02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                                                                  SHA512

                                                                  c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                  Filesize

                                                                  5KB

                                                                  MD5

                                                                  f23887df296d168e131b2aa11c31cb18

                                                                  SHA1

                                                                  68e889130a379f08ef963a57b240bdd2a9485327

                                                                  SHA256

                                                                  599ad666f52402b5d3bad1d3bde3b054af00e37b3d2df264edfea90d2da81650

                                                                  SHA512

                                                                  7b8371ac0be3c30bb0b7493808f9c338f5f3eceb9cbc7a748ebadbb02931c5cb23330f02a10be2620f89b5a61123edccdb0d0ed59b7e1dea15b616e669b84762

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  1c16282fecdef29eb8298553329dc7ce

                                                                  SHA1

                                                                  b17e73e5caa6c3229fdf2adfe6100235751dafd7

                                                                  SHA256

                                                                  9bd4bf75d6e832e95d23fa3f85bfd5fecac195859214452a7c13e5c23cadbaf6

                                                                  SHA512

                                                                  1c0cf3e08a1000c521ed2307c3678612a5801d8c40ab81f4db0f742bc77b9c6c1ff9f0613e51bc085256c22196dfea16acf1b2cf09e8582769962c2be941153f

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                  SHA1

                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                  SHA256

                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                  SHA512

                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  89b57488028638487b43c2bc737a8516

                                                                  SHA1

                                                                  bb12c029b23e68d442e6640e78468ecd4f61d708

                                                                  SHA256

                                                                  b5ab332230d62a1889271c57b49ec938c18a2584ff0193a5eaaf27f6abb7f2e7

                                                                  SHA512

                                                                  286547ad4de923378dfd76ef3a25353cb9429320d28655d2dbfa7bc61024e44eba6e826c34c303804a51c281bb295a47b6bb78feb01df1c3d3eacd5f7ad47e9f