hxxps://customer-saas-5523[.]my[.]salesforce-sites[.]com/era

Analysis

max time kernel
900s
max time network
862s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2025, 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://customer-saas-5523.my.salesforce-sites.com/era

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874498910197679"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1736937623-2710279395-1526620350-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
1276	chrome.exe
1276	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe
Token: SeShutdownPrivilege	5532	chrome.exe
Token: SeCreatePagefilePrivilege	5532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe
5532	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4784	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5532 wrote to memory of 5536	5532	chrome.exe	81
PID 5532 wrote to memory of 5536	5532	chrome.exe	81
PID 5532 wrote to memory of 2924	5532	chrome.exe	82
PID 5532 wrote to memory of 2924	5532	chrome.exe	82
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3312	5532	chrome.exe	83
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84
PID 5532 wrote to memory of 3228	5532	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://customer-saas-5523.my.salesforce-sites.com/era
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce553dcf8,0x7ffce553dd04,0x7ffce553dd10
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1840,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1992 /prefetch:11
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1960,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2380 /prefetch:13
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4168,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4188 /prefetch:9
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3452,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5124 /prefetch:14
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5128,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5412 /prefetch:14
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4448,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5416 /prefetch:14
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=1580,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5152 /prefetch:14
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=976,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5308 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4520,i,6106197313668909022,428278645960481534,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5312 /prefetch:14
  2⤵
  PID:2624

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5660

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a3053d462a25b689a6eae4439053db92

SHA1
d2d0e34b44088d8f3d34858f5eb0e20d48a6cda1

SHA256
8d59410b4d745ca7077cdf1c26d48946bff0ad164e6025e47eef06368d00526b

SHA512
e5260b052415422f7d845c5b1036d205477414a11558200ef4a846305f3fdc8a4b308af34b4789b1f7df47dc4e85ecd1c189807ea3ba13a4c46ac194fe541abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c0797ccb8d9fda9f13a6f9e439090a3f

SHA1
dbf56c2c871747c2febf31af10b39147813c1ed8

SHA256
68f311bf549292ef5c1ca4e3ba851af040bbf27fc075ac8c8b3a90bd7aac71a0

SHA512
1afd629fbfd71094e76ca25eea7748253b4a5695815e3f3f43333afc3909a5b51a6f0e9d9b8496e861dc82cd003ca84cf95746350aaefa8274aec4816053492a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
871b73d29659d85f96456b293aa8f5ab

SHA1
0e608cddb532cab1ed67a9170b8b54b447ca0d44

SHA256
453926aec36a664d21a5275230e37a6c4ad5c6e753b7b33b998799eb0dd2ae1b

SHA512
d5f444004b66c2c13052ab5a3a85b493df9eac08f7a09743680c6bc675b5b944af76dace9aa0965f43cc2caf9ccfa652bed0f9bbd93f98c5e00ed66a93ae0928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5b33f8a0198091aece34f3372a11df81

SHA1
6fc5bf4bb383c66d160cf112728bd88db752a71e

SHA256
6bf56fce74e11d3a6c73db24eddf8c50c489136ce9c0499979a263978eba3c03

SHA512
d48f35b30a6cfbf59cbf3bba8a62df39a1def78a764dbf3540dfc3615407811ea28c3b526e8e451a0c69b4d19716128312a8dc9b1b3a9772b4a20b10b4775b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
27241729769dc646f43064883082262e

SHA1
2ff996a007fb22f09a39770e3231aa278900921b

SHA256
5f50515c313d67ca168c69729dc2844da1181449873c08ec33eace8b199c7829

SHA512
be12261f28b7085e31b107554253e3e19422b00d23882068e6df2ed49dfef67e50a7f06630b9783be25fb34107eed996af4c424d707a0c4b65d25be1ff19abea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aba0421a44dcf891168d73460101ab97

SHA1
246d2ab8f2a24da3b09fbc1a06668783e898d49e

SHA256
dfc5c157c98170c4a13f4b1695f17e738577f50f22b0636cff17ff568e7bc279

SHA512
88bc9f04259dc23ff989bc458e463ab20fbf4b8d093dfd69be88035d7fd79d5a105d306eb678e490eeecc5ff9f47432f2c6f2488d0c239c74cd066165fa75598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ef7a40b5eba0c909e235c872cc9a3cfd

SHA1
29f1e4380fa102390a75287eef04d12b238b8611

SHA256
fd0a5e49b2bb133fd18ee5ca3a3f6672b1da5359c24e4d3f47a4391e0b8d9f1a

SHA512
b6d4112c72fa546d1e11159d21c112c66665288214ee43d07fb2592b20c79b979f481941230e669bab1297b5fade6b04b63673429637280fdec6e39e4448e94f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
42e4082f52a95e2491d95fe07ae2fad1

SHA1
88cdfa3b7aac52d2f247b870ef31157186d562a9

SHA256
67f089248c1b0f3bfe51e2e73cd39c6dc98cc852f19a0bed71f4d5e8599ddf71

SHA512
582be62a3ec721620d88dcea07298c4280e1e2bf6406de21aa21d0344dd556ee04978acfe9b8480d32222810e4be4d2a2be52aea407be2d3d416752c4661515d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
96d822cb63a3704507cb9381ed264a29

SHA1
d75ff3fb2451966a0915e712d704c8f5d64c3159

SHA256
df78ff8e6522990fd5ca6aa447aca33b5e2c339e2689466885581b9c8b6c7b07

SHA512
69493ee3b6c7f8cc77725d7428484cd6c737ed94df8f4399efc3320f23a62bd13ad509724bfe9867d22a453d7bda1a6a50bbf3857d9cc0d03a05f13f00129679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dd02.TMP

Filesize
48B

MD5
f783f153e32261c2081019ed1ba1359d

SHA1
18e88d78b45e60f97659135e416db35442140077

SHA256
3ad95f02ef81abdb2aac9025a1f9f4f550d904a72111d2609035ba66fda5cad2

SHA512
25931b5a6f91423a174f7675845cef8944dacad65181f1cd70484b88ffbedba43a8d29cb615b89f61cdf48a0bb84740de902e1348fc1a02e26edf2112620b585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
af3f2f3c7eefcfd9882d04573f652c3d

SHA1
57c190152b6169c377eb5df082ebe5487dcd9151

SHA256
2d1e7dfe0b7713d99e7390afea1e1efbfe6b8ddb582f0d3aeb55ffdbbe164e6e

SHA512
038d063ebcffa6228f944e9a32dcf1cc17259053d6378235c750b65c8663fe99b45c0821db8b00594fb2c01adb7d250c7a23f47bce767be8e84c1d7f1433d797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
e9494da3681a1a41741c579e587a4ac8

SHA1
6db0291b2706d88f50f94bbfa0788e75fd0393c3

SHA256
f8f6aba2188d1a96708d41d7fd79b39afe59751465785fe48b78b533021a403c

SHA512
931278ea9186fa0159a8cb16c0e6a484bf1f270aab94013fcffd8087ef7d2e3f5256641337a3b9bde15421cc648a09c6a64b817a404017f16e9566e037d4f817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
4de4fdb1a63bef5c775c422110b7f907

SHA1
490758633d196d205af159e9fa2278981319184b

SHA256
710e6dcaf504bc64a32a73beb32b5b8f9fa022ed76a45c8924040e3e5d72b879

SHA512
20d04cf676a57d17e8522afc885d3f414083af475f7af6da5f92b6c33fa2ac02d08e86aa6e0d32f51ac8935945e5872fe4d071fc1cd3f9977ae354e0b22c951d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
85d9d71d49b14e40ac5d531b131656f4

SHA1
988f8aa60f63f261c8f9d8bc538a158052db5da8

SHA256
438aac364e8b198b29d7bb1e134fa4d4f3bec80f7569dd3d644229a6ee5542be

SHA512
b1ffce4894116ff07454a71518eb868ad48a3fbb74f7e8ce647f847adf150595597a4e41fbf2c13b59a59bce7271e0112635a93fb3d8bc5896a5587021306287

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
17f9e305c9dcff45a9535fb6f2fb39b5

SHA1
53a8a33c102d807e4f88bceed33301df13719813

SHA256
f794a1ff2aa96616f0750e208d5eea7e02bda1594f1d0d353cc81a0336a7f4fd

SHA512
ba030e9fae85d5d7fef03affd81eb4200c0c2bf7868c4b88648c927b177c202bbae9dadb790ed163919eccecc052ed37e99d3eac3d642204bb99192fe0aca7b4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
f67c92fba0a7b8b3a35dc8221c95cf19

SHA1
a0a55cc2cc25ce5fae4afd2ccd7c0d6d2bccaa24

SHA256
6784c66ea6902c73ac00b4996c7dd9f352bd3da3c8bbbeb0346513aab6f99813

SHA512
4c2e0ec333d469a36e9cead76cdd2d77dafe11d780a9424b962069d96f870a2705bc53c8ab996790dfb08df21c39acf9365ea09824680c9a30b1ed4c34eb1bda

Download Submit