hxxps://casa[.]tiscali[.]it/promo/?u=https%3A%2F%2Fw79ghh[.]codesandbox[.]io/#?bXVzZXVtc3RvcmVhcEBzZm1vbWEub3Jn

Analysis

max time kernel
74s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://casa.tiscali.it/promo/?u=https%3A%2F%2Fw79ghh.codesandbox.io/#?bXVzZXVtc3RvcmVhcEBzZm1vbWEub3Jn

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244366428174554"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1036 chrome.exe
1036 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

1036 chrome.exe
1036 chrome.exe
1036 chrome.exe
1036 chrome.exe
1036 chrome.exe
1036 chrome.exe
1036 chrome.exe
1036 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1036 wrote to memory of 5116	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 5116	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2288	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 4884	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 4884	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe
PID 1036 wrote to memory of 2992	1036	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://casa.tiscali.it/promo/?u=https%3A%2F%2Fw79ghh.codesandbox.io/#?bXVzZXVtc3RvcmVhcEBzZm1vbWEub3Jn
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcaab9758,0x7ffbcaab9768,0x7ffbcaab9778
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:2
2⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:8
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1292 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:8
2⤵
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:1
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:1
2⤵
PID:3360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:1
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3360 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:1
2⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4612 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:1
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4876 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:1
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:8
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:8
2⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:8
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5400 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:1
2⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4924 --field-trial-handle=1824,i,5353099483215678748,17007562338127056323,131072 /prefetch:1
2⤵
PID:3756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4352

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
162KB

MD5
4043af37a3392a9db521ff9ab62d9608

SHA1
83828688e7a2259ed2f77345851a16122383b422

SHA256
ee076822f35390ee382cda71759a2eec8f4db2bc18e4e3acd586173c29dab321

SHA512
97a9d37ec02796cbca922559f384e1632c249d9955022578c14e046f2bfd9f84db113cf55899cfcf63fd318fbee050f483d04ae3156220ff2f0d364f989e680a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
909b3e0b18c08a4c063a5d37e4b3abc1

SHA1
63a8c019aca776fc716cda96935fd98593db8175

SHA256
1f23d487288a678e9f87abd9bbfd22adba1f5392d570314eec100555b75b9b1c

SHA512
80c78fe76b343634e04c7fae6713a5e3f1d2f6e08e9acea544221de10bc31d1121b55066c2e54ec1c09dbcf725ad12fbdb2de24e58f6275ba2dd83f4add5402b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
02739972e16a18fd9693e6aeb6f53c4a

SHA1
2b09b02b9b81da11338cfa8316c01fbffb516a56

SHA256
273a1582c2a89b9f62d35d42a8c42ce7134135de572f6832b9ce82fe5db1b79a

SHA512
ee5317daa156203ff1e5064c68ec924ae9756cf20d59bf70cfcef2a707b08760eeba5a53127b1d74a534b62cdee1e4100152b9c32b61be7eff5abd8cae822832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ce7a99ee2185fd282dcdea2629204488

SHA1
74d770bcaf2b1c6af3df55042e796217b75432dd

SHA256
b6333ec74045e17c2f714da230c349e4fae02bb594af806819379194c41d7e04

SHA512
b8c4baf99ddcfe5d2ca4ff35a7d1e56db2cb85b99db90f22de8e8cc57d14aa3be4b0993ba2ab8441cfb42e9cf30a7261bc55b3e178bb5258d8c6e62a0a9a7353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e4ca9d9706fd06034564abf34dc6d97e

SHA1
9a0c1d985d5fc75506b06ae6053b7dab56b85dd2

SHA256
4fe7fe84d65638d6c89eca9c4bf6836470bb173f17479dfcbaefb922ab1371ab

SHA512
1e6b2e964a4c24dda3e79a1252ded25f00f332e7ae8e2d765b7191d4ce7c4d12c5eb5061dea27f72c9c48b4a6ec0c89f13dae0abb226e261666020e70fc3fa3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
a6dbfa74d86106238aa27257cacc97aa

SHA1
9d2632918e331702133206a297cc78afdb7cc1a8

SHA256
5b6fa930b623f42b361084676053a8d3a128e3d6ea010d04b979925d65acd447

SHA512
de9919c44d0bf9d19b837225c130d5e54fe77289d9453c0c7eb64b23e105a0cd20ef9d4c8ef5919dd5099a1b3781adf6fd2a8b8b0a991c7c0c43df0bbfbd225c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
c101825f7b10a2e2c09400dc3a18804a

SHA1
ee902ffb6cec48fbe661e019f0373bd6eb2eb951

SHA256
3127d78ee83ba71c1e497a55f39ad19c140ca6ae4f189d265d52e18ef8a9979e

SHA512
f13443dbc04f70d31ce09f461251202a8049723055ad685882e723f22b2707afd9cf9df505f9f4f4bd5db064914e7373158bd397467bb02bf1312d73f00fbabc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
717a51911360683f696e29b56a8f9add

SHA1
e9d149a1689aaf7d7f7da27c7d9f488d87419543

SHA256
8cfd63b40c45849ddc9457dbe4182061559384c14b472469c61f193fad87323c

SHA512
2d4d105bb58f0d96af86cdf8012fda6566102849b87fffa5a2808b2d6ea341bfab2704aeb0a1888bf3656a87b0ec77dd7d41df23f942c238eea17ce076488798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1036_OMEYOQHVPUSMITFH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit