hxxps://aka[.]ms/qtex0l

Analysis

max time kernel
300s
max time network
291s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aka.ms/qtex0l

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239142401856964"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1464 chrome.exe
1464 chrome.exe
1464 chrome.exe
1464 chrome.exe
1280 chrome.exe
1280 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1464 chrome.exe
1464 chrome.exe
1464 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeCreatePagefilePrivilege	1464	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1464 wrote to memory of 3344	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 3344	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 208	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 112	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 112	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe
PID 1464 wrote to memory of 4276	1464	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://aka.ms/qtex0l
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4f829758,0x7ffc4f829768,0x7ffc4f829778
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:2
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:8
2⤵
PID:112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:8
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:1
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3156 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:1
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3848 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:1
2⤵
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:8
2⤵
PID:820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:8
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:8
2⤵
PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:8
2⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:8
2⤵
PID:3368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4472 --field-trial-handle=1856,i,10170551530850902667,16390854479320437229,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1280

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4648

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
1f0e14af69dfead57d134ddbbb86b931

SHA1
cdfe71d665f02c5c672b448060c380ed3125976a

SHA256
633cc37b228f820ccefe89e00c8bf80b991297f6ffa2b1d31de3cf8576e427b9

SHA512
12efc57141814ab7046d182f0b1441371e38fa1ba4d2b5e9812f682ec450234728484896bf24768d76073b2f1fc2038f7d9b45f4a38ddac18a9254265caafbcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
086bc0b6c6f712daee65958e48188ee1

SHA1
347f8cd94cf1fb5b7c578f4b46f4deef77cedc4a

SHA256
d0379ae00d33adb1aeca9916e5e6b4c718fc22d9d3ca42669cb033cacbd89233

SHA512
2657f0ec1edeebf6f6f6b133e242456720f484402ffd4e106137aa62683a6df2d0e601864e3dd35d92796860a5db32e484c789f5cbdd253369c8400489dd7f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0525e11c023f325685118efc0f7ec411

SHA1
e778cd5380197fb5aa1f2e901b1f851eac45f495

SHA256
8e71c9fa730e00a91833817b6d09e50dc16078cedc4941ef1bfd529020f86c04

SHA512
850abccf69cfe086072d1a2fb69c8e8bf0a726862eda27cc573a30d21e950f5b4512f49294a8ac5b7901e6fc97606c2b75ad63eddaff08a026391f818b9119e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
2ee9dfb8a66ec16219cc4f562ec5aecf

SHA1
dd40254683da53926568b7b0c900053f3337e3f3

SHA256
e376d93a6be9f681ff0c0051d7d7778c1925acab791e14e6cec8f99751654cd2

SHA512
e57080ecb6f044c61cecb766a84ac00222eaaa8d7c31909443be20e39784d0cbb81ec783eb8f848e8ecbbdb4ad7f087a7bfbe06061774a8a9e0d61ab87428243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
13f42255fdbfc1b7d779218de6959aae

SHA1
12de304ba866b06624047759de3b39cce94f3c52

SHA256
9c6c781e7d188a43571b20a48e1f58f07e0cab991738d2d8ac88b92fe26e4153

SHA512
121cbff20dc2233dcaf9679eb06a41de2b33aa821e4e70faf7720b83706deec2d88bd55ec00ea8d6ac296cacca41bdf1ea695e60d6da757a49d1fc4043f05523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
f44c1b9f2f329d6788e4042637dcbafe

SHA1
d058edd41f3e4c0dee5348a8f8a130037a4b328b

SHA256
41fbd79cc5eee7e88b087524e06ddf4a27d84e4b49a2b8f1fb8b1eabe8583c3a

SHA512
f8f771079a9b861de4bc5a782a6c944a17c2345d97c7db504d98551b4422cbfbb476dcd9c7ea86761af323ece3dd6738067abbb81ee816eb1f787cdf1260d3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
90367cd10702553e3a6124c3c5dd9608

SHA1
728098c55114c21c52059bb9c5df09311c4aab78

SHA256
4727e203deae0351b05053879c20ed81b88dc8197a778dbf6503e42c16b7a8c7

SHA512
80f2a8e095edf87228e5d6aa735c7af743d25a9a51cb8a199b31f7722ff2f218b637b8d8f912eb084a3bfefbbf521d4178b6c960f95985649a49864819811c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
0509affc2deb91b407796541798f8c1c

SHA1
7c35ff8ee4d7722035eb3b6b271dc747e703f833

SHA256
a7abc81a4bf9daa326c6e811c5a217b889904dce3e938a9c3223b377d2c8759b

SHA512
9feee159b87aebc643ddf68af5978eee8491aeac2994e2047246fbd2c0b2d0b67b45400fb0b02c64ec87d5e93391e6783d432d0476393a6fdccbedf659b4f2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1464_WHVWPWAENFJMODEM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit