hxxps://pfhvzj-5000[.]csb[.]app/

Analysis

max time kernel
81s
max time network
83s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14-06-2024 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pfhvzj-5000.csb.app/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628166047427026"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

5052 chrome.exe
5052 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

5052 chrome.exe
5052 chrome.exe
5052 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5052 wrote to memory of 4036	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 4036	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2300	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 4456	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 4456	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe
PID 5052 wrote to memory of 2324	5052	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pfhvzj-5000.csb.app/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff90d09758,0x7fff90d09768,0x7fff90d09778
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=304 --field-trial-handle=1768,i,11203582876129445200,13242246319073768116,131072 /prefetch:2
2⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1768,i,11203582876129445200,13242246319073768116,131072 /prefetch:8
2⤵
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1768,i,11203582876129445200,13242246319073768116,131072 /prefetch:8
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2820 --field-trial-handle=1768,i,11203582876129445200,13242246319073768116,131072 /prefetch:1
2⤵
PID:3684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1768,i,11203582876129445200,13242246319073768116,131072 /prefetch:1
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4768 --field-trial-handle=1768,i,11203582876129445200,13242246319073768116,131072 /prefetch:1
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1768,i,11203582876129445200,13242246319073768116,131072 /prefetch:8
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1768,i,11203582876129445200,13242246319073768116,131072 /prefetch:8
2⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1768,i,11203582876129445200,13242246319073768116,131072 /prefetch:8
2⤵
PID:316

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3636

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\33ce430f-a122-460b-9aab-b76f675dedb5.tmp
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
02b2c2b19a83bf3dc8c2dc1ef742c309

SHA1
7b525cc40451194bc84c097a7138e8a5e3f604c7

SHA256
e3353a1ead84388abcaf7959024ed2966bbad5bd6e575ec4f2c720327b93685a

SHA512
fc5bbb505ddf02111b4a24342e1606b0845f7e3a9551f1835ffc364fea68392f4f6964f42b6bb759688ef2df57168fc1910fdf6f04ddea43c795c00c5da8258c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
da0d9ca1761980ecc2270ddd3a4df1de

SHA1
98cf396215ebb4e17d272155234e6c4625b1a304

SHA256
4b025ad90c3f3b21d5939811059c1de7b460af1bae3d1c9a4b95f601a28afb61

SHA512
73a1a29036ef6ef36a33a00ccb37362e5720998b5f61f2ed8b41190cd6e2614f80756ef79f14e2a587ed1718cd66399b9994e1c6c72dff9ec9f00b6bfee13994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
d02a7c5327fb081c173c04395a0dbe7d

SHA1
e8234f68f0c7a2533437290ba0421c5db7383c68

SHA256
b61ac251ede21dad706fde41450945b910f45ff2ec09fdea51b9ae9b9c6b29e0

SHA512
bddf71abc758c74c8a1852c3df1ec8e5ba28eb46684c8ca4373d21b3c810f68e5e70cc1474e1545f304e29ae06c1a9414b1811f9c0954f89608d5568e7c9be9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0f2fac17df27b30a0c755e71299a0180

SHA1
3dc35a9b23d373715c94a654082c4ad915ef2fdb

SHA256
bdc4409b43c0dd83e0cfda7447b488d1826bd55d2491c3ba9cb8b646afbb9820

SHA512
0c840a32403f79a0beb827ddcc21afcd5a53b9538019fc0e7e4cb4c07ae2c151339da39957bf97ddb7e92524121212d51ee9cd3012f6f42cf5376f7619cdc291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d7b466d9e3b1d8ca8a3d1dc6d14622ca

SHA1
148f4d53055e328070971263fa6caa354ce3cea6

SHA256
e67332880576d1bca73b2c7df908b4a5ac06a91ed901dee8e09121f972bcdb1c

SHA512
8607f4d2be3fde9331d7e89a7e89af4ef68595665d5569743bdcd1a5dfee5ec9942c35c59c0284d303034cce5af1743019f1a48832ccc122264d7d747ab5eff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
68047bdc59f302aefaa6bf7f1ca61d5b

SHA1
41419e5f41a1c9dbc67a2582a0e564c55e182e06

SHA256
80e7507f8837dd1393a7826aa98f2ddd1dcfcb6dc21754e52cb8da7af775d981

SHA512
8576ca77c353b6aceaec26c02d32467f21fbf653fabd46a23d3e95d34a1276cd80ad9364f2613c00d2fe2c18483847e68f7d9ac0fea991138dd12c34ace18066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
95fda4d1f1278977be766f35d680a67d

SHA1
aa79e66da5acb05e5d8875b6cc684d61706b2e19

SHA256
26f0b089f95a2c451e66b65a49974d67567bd731b5ce32cf4355847fc51ff609

SHA512
9a0503de2370e695110bcc5646739b5abb19d68db9e49d51e25d2d1f8cd3ab5fc2a359bafe11db3825e143241445d076c222a9c5aafaf71322c13189d0ef00f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ef44d31e94460ab3c5f4a4f4c06bb1f7

SHA1
501f7b32fa3a68a681e8442f1ea4f210390959f8

SHA256
7ca86593e3d7e7002397810c419315744012b0bf71e4a8b5c7ce40dde34c0c6a

SHA512
cd1ad4130240c74375554d549d46be9df6240212ffb0b3a9fcc6e17c6440b3a02b10a79444e8bcc7f9934a93e0d1bbc69f58ea64eb1f8f93d87ab37171c63e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
88ba76c6f1470d7e72dfc1052a5fc2c4

SHA1
ee3790a31efc754861af403f100b4bb43ce1935d

SHA256
4f0eda3b5b08b57660e11b78e73d27908864127833aabb067f9db3a7730269f2

SHA512
4a4e7cb75cb5d570122a95ae0e9328abfcbf4ca566676c1e3fbf477e92a6f21e71d0520a15d5e22907ad3c50a70cf13dea0f831dba8629c7a14dabc3ef819f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
77585d2cd71b04e26f154a216db3496f

SHA1
de09319ab8da49f2edfb5bb4d73a5b940eb0049f

SHA256
f981e76e1081e51eb25567daaaad1ce961c092b5440a69a0867ae0be5d821cb1

SHA512
6e99e0cf1078dd024dd691726fb19d506d4a1049a6c4273ff56ad3edee41ca51ab6216c0939d97cd635a489d7d9b06580f0eec3b89c0c109ab26086090b5c147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
dc199f3f646107e3587985c752fbf006

SHA1
739d30369ad1c886d25c85b17533c41b50900ec4

SHA256
2efb409dc6eb0c026572c05d2f48b674a159f86d817f00ea482947bcc8426ffe

SHA512
e9e80dd5d3feab34109edda53ffada3d0fb4c9fde7955e4dee4351ef655746b01e0c0c6618985e6984e29a453a24d729c87d6f611abbb6d3d14b917b4dc88353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
3e4cc938e98897301b0088de78d60395

SHA1
08797dddc532cfb86b881e3a5e6d5a11580cd3de

SHA256
3cd80b66c0fc9f5eaaa0f4242afcff975af8521a5e420480a00fabfd57e0efdc

SHA512
eaf0fd922378c5ba55a8623979b907e9a762236d174b7ba88317e60244cf82c0c3a656af57c6f306960c90f1e627649ef2bf03d1bcf6fb19a41cb41c413acbfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585f61.TMP
Filesize
100KB

MD5
0627b9ed891ad58bec66dc6655555abc

SHA1
a831b90113115fa053dd6513d5cbfe5f3c7c7a9b

SHA256
e6dc7192abbc9769a3cc7af35caa05e51cf60396316d6c7ad4879387c38f3863

SHA512
054117bb2511cffb049a7b21118e2fc6a2639a9dd1a95fa78027c6f763bd35b57b283406cf0c15bde3f84fe5618ebe32700fcf37e4fc83b2f1726c7ab1061e62

Download Submit
\??\pipe\crashpad_5052_NNUOWHWKAWCUYCKS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit