hxxps://presentations[.]yesware[.]com/ff9bcda91cb86b02dc3c2f6d644b74b0

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://presentations.yesware.com/ff9bcda91cb86b02dc3c2f6d644b74b0

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133239733969144305"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2204 chrome.exe
2204 chrome.exe
3208 chrome.exe
3208 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2204 chrome.exe
2204 chrome.exe
2204 chrome.exe
2204 chrome.exe
2204 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2204 wrote to memory of 1580	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 1580	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4992	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4308	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4308	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4420	2204	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://presentations.yesware.com/ff9bcda91cb86b02dc3c2f6d644b74b0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcaed59758,0x7ffcaed59768,0x7ffcaed59778
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:2
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:8
2⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:1
2⤵
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:1
2⤵
PID:3700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:8
2⤵
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:8
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:8
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5028 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:1
2⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5272 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:1
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5288 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:1
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:8
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:8
2⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4632 --field-trial-handle=1832,i,7584460026191785207,1777933087112429373,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3332

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
08f50f5706f29f0faf1b056931f2653d

SHA1
15ac67a0c72bb9d4a9f51a8288fcb32fa506526f

SHA256
c00f2c9cade5a3d97960fee49a398e2f4911a3b02887ddc5b4ac429842a016a4

SHA512
0285d84a522a7d77c12eaf4fd6f86382abbf855a02bf0f09e0184a8209a6ecc6547adeec446ab8d751f434b231135776ae9c7d833c29214d0cb8617a15508224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
09d6ccbb67837ac71489f2adc1a3910e

SHA1
c2dfc9c0327183273fc1abec2871e139768f41af

SHA256
efec727bef1eece9d6f8e4c20c63fc7ef73f0706fcf8bf74d7392f95ce9e811d

SHA512
06839bb1b6731ae1477d781e22c6f14c01b4b571abf006a77923cd3fbebe287a970d2f8a87f0de28ee9444fe3bcd73e78a908a0ae40a71f1cc55ebf442f7fbac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
be57a36ceb3a35fa7678225cd8d75282

SHA1
c5db3d0af6212d35e9b92a31748065473cf81e5e

SHA256
dcc438039814d42ac254487d3cb79eed315b9305166dcb927ed5352a807bf393

SHA512
6d1a9711e75e59dc38dba092107c6396d8d8f7a1531da64f8946f3ce4cadd7888d3464680cc5d1246ef39cd313791d634147de503e42b8cc93eb0cd4ea993cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
13fc662158a7ae702a82a846a1641a49

SHA1
590b4369b0559a3b5d103d2465e1a08d86f3bd2f

SHA256
438b4f6022e68d9c15cb8e5429fa234aef073de193c9b6565380261cc213fb3b

SHA512
5d65d1a32425bdc352e17e1ffb63d05b5ef51ab2201c0f036346c57395eb9dd8a0f7437a5a728580845240df25ca4da69369352a2aa5c7ce8acce870018a84f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
5da8588db07bc60794e63026369ede42

SHA1
d149d7fb8ea3be347176d2ede2e41ab520d7f4e5

SHA256
0c328d1aead5e955cb8aa5b6eb20fbbc7878fb0777ba9ae0b50a4a3389b5cd81

SHA512
a713e70ee193b2e42bb83333de8ef755baf352e881ef8bcac84b12ab5a1d57f4ab152b186bafe58fa959d1ba9eb938edf5e39c845bf1bb7c58678498b886c9a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
84ce8d9dd96f526f9b96607af6ff131f

SHA1
a595417493a21da537fb3d1109e182e3ae3f254d

SHA256
5aca22dbd67b30b8355f791bdbee3eb3691bb2be374283436ac51602ad197d12

SHA512
e067eec22d7ab33b3acc81e5dacd33ac083d82496d0d2f53a317a819f0235ec0023fdacc1216c3010baae7f5f50e846cd7706dbdecae4591a11905ccda199e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
dda0ac5d1c302bad761b3ae05196cd5f

SHA1
d6341f4551c2eb2a23e33c150fda1dcae96daae5

SHA256
2ea3389acf471636810e7dfbf36d5b833c243dc2c413f64627db942fbed6a45e

SHA512
9cf70515c5e38014e77bb7169764250b7049059afedf0d4b6d0ab13245407e581db181c42a6859f9f599394cfa1f88e626b7a186701e6aeb712e76bff6099a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
cdef2c51e5e609bf10ad1996ee44aa9f

SHA1
249f00270105184917d6868aee75960b7cdbc68f

SHA256
bf4c76a50ca1068d1c0653ebae8fe0d9ec92a7b35b6caffca97d90e5441433ef

SHA512
296391519128b548d416c90b684e497059d8e46d7f1f12abda461691d4be3558ed5554fb5f9b1891d4b311f5fcd1fb66130eceb889772d29fced77a150326b3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e30114b4ea04d27016a06bff45883712

SHA1
8394036084a3e532e273de4605c42230e000d3e6

SHA256
6ea69d51c5f182a9bd5f4d4d2930eb71169361936e0fb3f6feb8788e1d2288f5

SHA512
1cd970f96fde7f8b4cc47bf683904e212c02eacfa0ba3c95465d3ccbc2cc4934f6654b49fa702a88a7d57d39aaf0b9806ec3f379e0f0bc86674ee5f6e35176a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
08ff38fb3d302c06d4b35c2a9151f1f2

SHA1
ed7125f9680f6c378255ffd7c78f3af56c6507cc

SHA256
dfa74d94ee82d02de0bb9e4f8afd15364a201887d4105807bfa2507b52e37b13

SHA512
76ea2a88929005d276ff89e8586c65199d4da007086af191f26cd707259bf872dbad6e14a1e710115593b89e62625f22b30a08a81362aafded692e42cd339516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
a47d824ba728a86e304a4c0e9fbd30f1

SHA1
cbcf74707ab6b6a041113466299ac7984474b0f5

SHA256
53496554d6d6562780b1a6d76a4997060d73e0fd174521842bb64077e19d4d15

SHA512
2f97295e4501ab478db9925e9f11105725a46c65bf50c0c338fb0302c5c44cbcb2f782d74cd60d12dd9662e1cebf1e2af284c12d0d4b9fc8ac3d291da475b67e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
26f986c946f0d91c14e64dd03ba55a2d

SHA1
f4783b168759ce7f9ade8fedd6a8be0c0d5e4a5f

SHA256
c92ac10b277d29a6ccd40094defc5dc48515ba53f7c3e0b8d0cb16e01a2c6334

SHA512
64410e4ff476bcc9bcc7899cda8dbef5102978e54c6c2c6432f3f3322f3ef498752758f2229aa621b9507c25262f67e668650fcc78767f3f58c49ec1c5d01b8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
5229ac6d64e037e81075fbe3c55506db

SHA1
1bfc5478ca70bfb53ce7d92c1c982a8defd9ded6

SHA256
495b8b9d4697c69e07bc45efe3ad1c1da2aeea8108ad25ab38b277b72a01464d

SHA512
3beb47094fa8869f9c163d5164ad7b62a2de85272c1ecce6023ee73b099217ad1d3cba52a25a524300a8f0bd4d07de5fd9c02ff2177ce6b5de46cc0d88e50a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
c4c343c4abe12f8df2aa1777f3172908

SHA1
2833f5a9a5d2f73b3efd368c73448c9bc02458d3

SHA256
38a2cd3ba35ecb2d9a09299e063a4501fef12e48cce1c24f5298a91a0824f07f

SHA512
c5b7b67cf6b7deeb3428e78c1c6b3853aa1c5171b7797abe471b14966535b3f6835cf229da968189b220087b39ec9d52273d29ac441fa88b827e216fce3050ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572105.TMP
Filesize
100KB

MD5
8b2f2ef562492a1d18cb0823d65c19f4

SHA1
f726acfacc6ced2ee0d67d5dced7463d241cd6bd

SHA256
0993f98ac4536f5375fb686ad5879834272889b534d277a2495db790f0610c3b

SHA512
59bf3c3e9218052fe3b0bd33973faf7ddecc0921dc0ba74c413fbf1b4e52ac399ca8bc98907606a16a5c0c11115a74650fb3981b80841436d1ecf536c9acb724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2204_JUZLLEGOCHCXQZBN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit