hxxps://casa[.]tiscali[.]it/promo/?u=https%3A%2F%2Fw79ghh[.]codesandbox[.]io/#?bXVzZXVtc3RvcmVhcEBzZm1vbWEub3Jn

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://casa.tiscali.it/promo/?u=https%3A%2F%2Fw79ghh.codesandbox.io/#?bXVzZXVtc3RvcmVhcEBzZm1vbWEub3Jn

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244364698143767"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4168 chrome.exe
4168 chrome.exe
3292 chrome.exe
3292 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4168 chrome.exe
4168 chrome.exe
4168 chrome.exe
4168 chrome.exe
4168 chrome.exe
4168 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4168 wrote to memory of 440	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 440	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 1000	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 516	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 516	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe
PID 4168 wrote to memory of 3680	4168	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://casa.tiscali.it/promo/?u=https%3A%2F%2Fw79ghh.codesandbox.io/#?bXVzZXVtc3RvcmVhcEBzZm1vbWEub3Jn
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedaa59758,0x7ffedaa59768,0x7ffedaa59778
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:2
2⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:8
2⤵
PID:516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1264 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:8
2⤵
PID:3680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:1
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:1
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:1
2⤵
PID:2368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3440 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:1
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4904 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:1
2⤵
PID:3484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4472 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:1
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5200 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:8
2⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:8
2⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:8
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 --field-trial-handle=1756,i,11443728422623046074,16638777715001382797,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4564

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
162KB

MD5
4043af37a3392a9db521ff9ab62d9608

SHA1
83828688e7a2259ed2f77345851a16122383b422

SHA256
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321

SHA512
97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
9f8063de2b2ab722c1d6833cb40bfa93

SHA1
c5edb4ac6377bcf52858fda7cd05cffc48a67089

SHA256
1e6297aba09290db954df3b321a8704aaec0fb1978cc034821d5ff41e5c2fecc

SHA512
625f9d29122d24bbb554f7a508f51de4019efd6577d16e571154c5cbc478d94cb720c13d319479994014ee79c69106b6d2c1508c1f997f0e553494a4d2157330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
ce03dfde7708017e223437d096f8607a

SHA1
87bc253e3b74039abcd1d4d4b5407c2b69cbbfd4

SHA256
697c25c620194f0628313912701129c47b233740a3d8f5b156ef1aed0369b83e

SHA512
953c146d3ba884bcc1b5c9589f08bedd5da3151ca6e7f259a77a260e59fde649ae5fb54ab7f92350c65556852005c4d15c67c8a6a3ffc0f7c86b98579b7464f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
849fd6866d0619d7b3dd87f57c1bfca9

SHA1
c14525c4c7ade55a2970b1a67b8fa9affcd472d8

SHA256
e1c3bfe4678c7456d26015210be1c232080d1f791f63c534a26151a23db8af9e

SHA512
7593975bfcc8ebfbfdc8afa9db383ead14e4e9963fe388bef1349d9d34107bd0a760556c2dbde3ae0eb24b5cc546b1b998041544aca39cbe747b7f1983024013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
ed71735ca5a1825df9ed0b878cf34a47

SHA1
4ce181d63f693274ec4aa074021884c65ac70b4a

SHA256
8a097a8ec184adf92237d910fc10ab377416ca23b5e5b93bc2167afd2bf419e3

SHA512
936f726b10a299d331b66018b2510c4a21ad9bfe3196e45ffb680cec3e1d6c6d309244a3e5225de64e21a817c9f304cb33e81668394bac4cc44d15308d15bc42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
17ee795061ec285dbb3826a1e82c692d

SHA1
03d5d2a8d08dcf1f3ff65aab3cfd70d7b9f98764

SHA256
ce3f90eadb1dbadcec7c790a12090d926298511afcac3effa91f73b2992dac07

SHA512
385771eb3035bb36733de82ffb64fb88af87bc72ff260423d2ac586f87752a7c6b2708db81161b617742029f3108417badd6c16c7de2c390fd41f8bdbb8723aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
97e3021f6072ed128469bda6562728e6

SHA1
bc73fae997fb999ee69a782f39d7f12d84b24f28

SHA256
5cbd647fbd64620dcb4333a904ea51db0ea9aad819cfd9d4c6e9be1bacc8be87

SHA512
22368d77502fda851cae8db7b4af43609bbb43c24d77488f0876b41143b07f08a454aa0975a47bb0be345fd9bc59bee46a215dcaa796c5222b6a04b4b5eec58a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
9d36a773d9f4ea859a9ee3541740f7d0

SHA1
56f074c50790c66b09a109ed414eda472f75f0a0

SHA256
28b04c85c33b9f268783a97d58c1cc57b5b7bddb0cfde9e10461f7c99ba0ea20

SHA512
90a32dc4be2c80ffa2114e961ecd68ada8d4451acbc7ca8de27926824d73e13deff9e6170d5aa8ad496e0caa0745c49b26f9ff0e5be7f8858f6ddbe9f3e862e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4168_GPCGSJTGBRFNSWJY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit