hxxp://Otip[.]azzurrofit[.]com[.]br/hh/c3dhdHNvbkBvdGlwLmNvbQ==

Resubmissions

20-03-2023 17:12

230320-vqtdbagf5t 8

20-03-2023 17:10

230320-vp6bgsef22 8

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2023 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Otip.azzurrofit.com.br/hh/c3dhdHNvbkBvdGlwLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238059412928169"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1532 chrome.exe
1532 chrome.exe
4396 chrome.exe
4396 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

1532 chrome.exe
1532 chrome.exe
1532 chrome.exe
1532 chrome.exe
1532 chrome.exe
1532 chrome.exe
1532 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1532 wrote to memory of 584	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 584	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 4672	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 1228	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 1228	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe
PID 1532 wrote to memory of 3940	1532	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://Otip.azzurrofit.com.br/hh/c3dhdHNvbkBvdGlwLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b619758,0x7ffb0b619768,0x7ffb0b619778
2⤵
PID:584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:2
2⤵
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:8
2⤵
PID:1228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:8
2⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:1
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3152 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:1
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:1
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:8
2⤵
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:8
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5304 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:1
2⤵
PID:1260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4824 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:1
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3940 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:1
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3620 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:1
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2536 --field-trial-handle=1812,i,1356819268809062797,15294564074090165240,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:612

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
360B

MD5
19a8247ed3637554797e448eef7a9810

SHA1
73c1f60886a1d8390ae18eaaa52ae3ef70c3bee9

SHA256
ffe22959e88247c352d328fe3fa490054c709244c5a9a652bd0c7b4c5ce2f7db

SHA512
2c846d894815e7465deb8e6a8f6ca50d1917954d6a8ca480584f29c222eacc139cf3ac2a77930779f718daff9e5dd1ad0b335fab111e1611de2cd21c34d371ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
87892f3380b7c525dcc66ca4ed33610b

SHA1
2c4ee9e6cb05b83a275a48b07301f44444912726

SHA256
ca0b762431106ae7a53df46bb81be8d1a785cd230cc020d2275db3727631263b

SHA512
2b2570560b4daf65af605e9f535c5a4eb0bd699e837858dfe5f06f8f8cf0b458aeb764e66ac27577c2fc0de7f69a2473cad9bbff7bc69049ced619eef2ee7338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
b5ff4a9c09d2ad0be42ba5d35d1b4bc0

SHA1
99562fa54a2afc844b1d5b23311115c6c601be25

SHA256
e7037a9d2b63b2995942413d72e7d7ca903e6a2e5939f157082b81059955bdd0

SHA512
cd5ec2f9a9882b964ecd2a64ecd3a73dde3f9b120e9b910936b05d47b1492d5e45be14ba1c8de77cc72988544f5a1bcb5705531abf018518dee922ffb3b8b30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
534B

MD5
ce5a804c8bffcb4731544ac1ab0c06bc

SHA1
f232b19f460465ed4907d0c7db72e70d58420d52

SHA256
592d75670581835d4259c552b4133d1b3201df17d3749b1d9ed8d60ec38f8c25

SHA512
fa96e6c0dfdbeb676b6c21d2a12080e60bc89b71681f7eaa07528ce8583a0442d8db63dfd17a23ee3ccf9c0538d024fb775900aaf330af017860287f0f41efbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6b38a3e4b60281ba156f796a0164df27

SHA1
d72fc2f1ba8745cc95a5bd4bace3624d23cdbd86

SHA256
a77a32fdbda9ecbd82bd9d1a2369e74e8f5769deeb7a0c39b7b694a2024e60d0

SHA512
2480700790fe66922b09432cddc23a5eeb0215cb504c1d2a2744f13398782c006efe4dc80c5b36a69bdfa59a9114b886574c37043c30849bd7ba6d195537dee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
82745be41175e456afff5911c0a0e6d5

SHA1
4715a0671a2c315411812b14d788f20378cc2bf9

SHA256
6490b810ac046c4108caf7585774a83f944532c369afc5f0d86cda19a7f8a3fe

SHA512
32c245bdde567e149760d2f2257a97d1eb4393e427883aa961a4922a7acb0eb72c9c9d2f85545970f0118774621a10ea6fb42dfc50bc60886fdc42550c828d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
3e00e7aa11ede90449d8ced4b45606d1

SHA1
6dc908f23c1ab62d1fe95f58943ff26fe1e99001

SHA256
b45827ab332eb294040ecc0c5d1fe1bf8b992c34dbc7236022f67d4f0d37d02b

SHA512
ce16a36497088ac70366d8986a87edad2a6fee9cac3b025a22cf3bb1258d31ed1594988ad78cc1c58776ad4e3d48be8c22304e5cd3ecafb9b7704d4d02df2dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1532_VTYBWRONNRHUSHXE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit