1d74c821e8e546d06e7c155e90b92ae34892506872d1a7fd0baeff597e7c8ace

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e-Secure_FedEx03818420230315112447.html
Size

756B
MD5

9e180ce6c5e4286a66c6dac3e7df9807
SHA1

879ced7b4b7ad1c7bb4f4d86b25875188cb1ff5c
SHA256

1d74c821e8e546d06e7c155e90b92ae34892506872d1a7fd0baeff597e7c8ace
SHA512

3d95cb5652020657dba83b27559676772d7a5601f186200eac9f2c2c198f69a91e920e8f1ff99339948c64c996ef6511362b2325e2a9ec952c1c4ad324e46702

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133243641176670330"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4388 chrome.exe
4388 chrome.exe
1924 chrome.exe
1924 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4388 chrome.exe
4388 chrome.exe
4388 chrome.exe
4388 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4388 wrote to memory of 4832	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4832	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 3520	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4476	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4476	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe
PID 4388 wrote to memory of 4940	4388	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\e-Secure_FedEx03818420230315112447.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe32f99758,0x7ffe32f99768,0x7ffe32f99778
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:2
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:8
2⤵
PID:4476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:8
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:1
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:1
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:8
2⤵
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:8
2⤵
PID:1080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:8
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4852 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:1
2⤵
PID:4252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4944 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:1
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2744 --field-trial-handle=1816,i,5285924903096605238,10475937806542749961,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3712

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
9a97da5eb9eb9ae45424a3768ae55735

SHA1
1acec4c941f701875381b2072db3dc96219180cd

SHA256
96057973d5a56b878a6f0294a9873177806e8b9d82174083e33e209fee7ed32a

SHA512
cbdd810b82ec44cc6002749188bb1dcd62fce016d0e3bb460e9a52f7c48067caf6dca9c075074a4a7e853d976bd0f2a1b2b2ee6592cf94416e9807d60b735843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
39944a01faed76c5e14bed788a4f5d22

SHA1
0f3655757f8aa767605d312c867157149f190b3f

SHA256
32875f4589ca68cb538f9cfd5f60a5da6f6392dfc9541b80eb26a652970df2df

SHA512
0bc3813410538519615aaeaf9e8a167e66076b4c43c029eb92c0d75eedef67a3a9b36a4cd6254ccc2f998077191770d46872c75c4d15ac9d50df25a1640c3377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
9e9aac70f65aff716e67c819132e9470

SHA1
f9549a9b6a1de52e7e9a74aa5aa40b77aea802a3

SHA256
da57c910f5753cbbd8c8939ecec9f869f168d7d5e0bfae425052206957b84794

SHA512
1ce3f0c330fc9b5d485a43718f2905702b081ea85698b6c0e23275ef2b157e77a6e163c331d41e02ea269bd893247474e2c85d06dde7f4d0cd26a70875c8f310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
705B

MD5
67efb586b66aff4d777e0d42e1d7f05d

SHA1
6c07b62acf643af917e459009488a001cc2abc2c

SHA256
7301f39305b15df71ed9950780efbd8534ba51239ec7bb2972e635edd6a6e2a2

SHA512
1a6a0329b25d012371729a49d93841421f3aa64fa3f962a3eaa85e91d6624f415112cabaf822bb02a86b2571da026d4531e49d758c3bebc6daa55dcdf26abb03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b4757b976698932109a2906820cb208d

SHA1
4ffb0f109472308ac452d76f5ebae8a3f30175b6

SHA256
7d997c200daca6f754338daa0c6f53b0595c6b1298554dcd55bcbeff65159691

SHA512
03aa2f8884a5ac4353941edea3d6d62e24599d2c92dd06dd9a2c7799297dda9dd5070074bd150ac830355da38ce97e69f722a128dc96b11f75e0bc012c85fd4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d0a7b86b2d3e45e9bd845d679a7b4d98

SHA1
9b2baf7af5812fa2afa66e4b75e77e6181fbc0c8

SHA256
7c3475a8160bf9bfb351bad0811645601210dbc40b4b051bc6732aa3acf09854

SHA512
6b4018724a8bdf00b4efe1cb24856d81876a7bae2e54be10afa062408bc398cc9dd0166ab65c6ef211e985276c88162268501cf7609cbd3fc30c555d08074743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
583fc46891d772ad3cc5cf19d5389e6b

SHA1
043b5a99eda642e50b71a017bcc2ad8161ea4107

SHA256
c35a3a41381e0dfd69d17147685022985e1361b1f17865c7bec376de39e1b518

SHA512
8106b538e5277f224ec687cd227951a7e7bd3e423849c06687dbf3073fce4cb933e9bf53dd0ba2b59a78c15125a0c8ccb26fd40918a6fd95f30d31232d465997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
7b15b882b5c56f7c1e82c03865a927e9

SHA1
94b23fe3066eee4bbf7ea7f022c9636dbe4e05ed

SHA256
67f5d1e16f951624f250282576235ed0283890d9eaae688a36291aacd30101f3

SHA512
80d3cf8fa708ba59d37ad22aaf06226c959504c455496e5042810cfc32a58c465af1379dbe225bd99a45b7baaa9ff377770e76fa2406266cfdc162aea5a500ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
53fba4bcc865155761e88ae5790cb3ce

SHA1
6cfb54b93a1706d5d876a502b66038fef1163cc9

SHA256
2b822ceff0c12ae0f8bce9bcfeb11bad93b8656fa46e37ce8c13614a2b0d4339

SHA512
bbf1089ca1e29be6abaf5ea86a831005d57d5b5d2f798c0d0f49f5aacd02cbea3bc0fa85ab048bb7ccb21d962171653f002b47d023451145c24d4d0d9896f4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4388_GCSKFJXKQPWFMTGX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit