ed0b1226d626cdd6d7684bd02f3db5ca78a2e22f6e084b677ffa0055341e6cd8

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FY23 AR-AP-Reports.htm
Size

418B
MD5

7fa952c74f3bc7c5768b671d3d145dab
SHA1

e62963d0c9fe22e007cac44419b0f0cac4efed71
SHA256

ed0b1226d626cdd6d7684bd02f3db5ca78a2e22f6e084b677ffa0055341e6cd8
SHA512

c050ea4357140652f954ce8e6fb3f3abe782b88802d7cf16a24541352f3a7b3939e33017fe6269664e45b67924a102e9f7cd7ef6552e904355c6596b09e61b0c

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240732794673474"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3448 chrome.exe
3448 chrome.exe
Suspicious behavior: LoadsDriver 4 IoCs

Processes:

pid process

692
692
692
692
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3448 chrome.exe
3448 chrome.exe
3448 chrome.exe
3448 chrome.exe
3448 chrome.exe

pid	process
692
692
692
692

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3448 wrote to memory of 4228	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4228	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 1416	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 3464	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 3464	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe
PID 3448 wrote to memory of 4436	3448	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\FY23 AR-AP-Reports.htm"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffc9e729758,0x7ffc9e729768,0x7ffc9e729778
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:2
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:8
2⤵
PID:3464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:8
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:1
2⤵
PID:3748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3324 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:1
2⤵
PID:2036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:1
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3376 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:1
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:8
2⤵
PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:8
2⤵
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:8
2⤵
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5252 --field-trial-handle=1812,i,10297116127915679555,14501696578103591585,131072 /prefetch:1
2⤵
PID:808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2288

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
f68f4de767622d7eae33734f84866223

SHA1
cac95bd7f5fbf3eb1345323202bda3e62b176c49

SHA256
ccac1cdb45622c8a9f46d6d9fe358f6b7adcb307b328cb44e70dcba66aa8176b

SHA512
b9198d6cbaa04e64dc80f34a6f446855aa22a35dffa083cc619eaa517e3de1183fbf3d407247a2da1153082ef9cc0c3103c6f1934b53fc17d2d453d149441296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
a6c9e4930b0b3a795361f8b7c7fcfc90

SHA1
454efa2c0f9ef260660205f48f3675fabcbe5479

SHA256
ffafebd4aa459a1b79d9cd69dbc2f4f207a651469d61ce4517ecc0041e49f1dc

SHA512
142886f20de170600bff9bf9ccf09910c718a17931abaa8505976017e9ed1750b12a5c7d3435bffbede89f45e81e187905415e73c08612663ba2d4cd19408f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
753d66004fa26fb54d9160befcfa2292

SHA1
8cce8010a1fe6bac8c93e6b677b5ca0622169494

SHA256
8a9fe8f8c925a5a4e4f976252822bacc97880649dd6f461715c70689984b410c

SHA512
55de515acac01c2d8e165cd4fd994ed50316f7f0e9e3e4d98cc487a0fe80fe1e943749820bef9cad21ca92ebbf70a5be13bd3086d3aba439fe33ac7461383175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f4250df50bf88c8a1aab52d76f4b5567

SHA1
8c2d39de34acd77883983525dbed8e2abd3ebfd2

SHA256
f60422c11be92dcf4bf85b00a693c82801db6fdf8896a837b53352e4eda44176

SHA512
a229f3874ac2612270557e77266f15219ff2fd78045f47fe88f9b5b7750008fe54c5dba18decc6f4ff3e2c639f1de4930b6c1fe895bb7d11650573aa4cd8e1d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c18e149e30fd28c13a51255b7e737ece

SHA1
2b4ff5c67f4685a979d57a4763a0acaf9ee3d312

SHA256
6a9f963a68a7660ddc93eff47309aa25a16327fc585375fd4bc53b1d301665fc

SHA512
d49c57a4ec2786e21035bc7ee0aa8d01d047060d7a4083cf407ad3269ccbc64267a93f14120bf77ca4094904fff1c1b11d31ea9ccac431ca12b9199a8286d788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
b86e767a68f2105c2d75be5fc0f61a60

SHA1
80f70854765b7202f8a323adf466d608e899840c

SHA256
eeb1f6593ce2a662312e692e6dad4497f05a55f383a43fa49825b4d54e65e589

SHA512
5cd3b378fc2609a04b134356a95e9bebaa304c4d7c2214972bae145dec1eb87018e8192c5eae6b51a63baf7e81abfab625ef2cecf2fbd787ea92cc9329ba4935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
89ecb99cc56a2d0336a38d113ef3e07b

SHA1
442f3d7d38a795d563c9573ce0ea52947a5c266d

SHA256
3a82152a7edd4fb5db285708b3e5d1122b03f80716d5df80c3d1054c06711f7e

SHA512
dad930856e6b4ea42e05363104f216e52a0cd5980597558d28515d599782acb1a26ee59d900e2cbdf6ebbfb61141a183c709abe8e991cf907539a2c53eae85b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
caaf50ee4b19f262585a62bbea40718d

SHA1
ef00e27d5836d9a5db4c6f1802e16adad887f92c

SHA256
e7dc2f72f3fc44dabf6818842999e1764ecfdaff1537189970349139bd018a78

SHA512
dd881d014abaa6e1990dca7006230964a7d59fee86f8b6fd8ed439f66fef2451494c9994f4477d5b13ad9019532e2d4ef4d0868e8f1237c0cfbe6cd80bf956cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9459dc9143a258ef12743c19efb21328

SHA1
6a3fdaf6b15f4b62353290839599b798072d6b44

SHA256
04ee7858485fafd0e522aff5a728b31901b4759653202985f9d7180e12f2f3bf

SHA512
546d2707659dbdf8adf60660fd9eb9414de64aa95756e4fb80d8b6512979bbe90a27f048aff106f1a1667fd7d0087872ce5b37398416b94ed2edb50d9a19129c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
a77f726dbe309d54c1d344d799ec69f1

SHA1
311d23bd81ca58df7a4e55e4472ba63f646d0418

SHA256
c3d8ba2821a8a61f94fb694334f4c41a10149dd4965c31af0ad4e6fc02e30bd1

SHA512
70d8caa06e66d742e7947b713226f68278fe2036d7e2c6ce84fbbe5fc95ed5193c34c735d1de2ea5e33b7a516a131d1aa57d9a60b7a9c07cdf86e1deb8a2f671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
145KB

MD5
df69b7ab2a700f8f0ea9b39ca344334e

SHA1
6718e0d1b8bf1d28be1906e8b38624d09ed8075e

SHA256
4bad83e852bef89234bc5df645d222d310c78d9d0ec61071c525878685ddac15

SHA512
456921fd03412ad4fdaf7a315beb25b46473582d6a9e018a1c4d198a3fb4295343409ba3142f769722aaabfdbdc15a6bf8634a3079d4ae0de76610cd919588a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3448_ZOEFQVTVNBJRCWWC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit