hxxps://wixk[.]obs[.]ap-southeast-1[.]myhuaweicloud[.]com/%23?AWSAccessKeyId=C3NCJ7MAXGPIPAC703B8&Expires=1686513117&Signature=01NImT6iWIurZDQU0jrC9AzZWB4%3D&fixedpegdoijodqqekooivmvfukglbibmxvac-pagex-sawwnrwbjdrjnhdjffkorndjtifetchxsupportisecuredxpluralsight[.]comsafe-1MC4w

Analysis

max time kernel
1201s
max time network
1089s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2023 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wixk.obs.ap-southeast-1.myhuaweicloud.com/%23?AWSAccessKeyId=C3NCJ7MAXGPIPAC703B8&Expires=1686513117&Signature=01NImT6iWIurZDQU0jrC9AzZWB4%3D&fixedpegdoijodqqekooivmvfukglbibmxvac-pagex-sawwnrwbjdrjnhdjffkorndjtifetchxsupportisecuredxpluralsight.comsafe-1MC4w

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289667138756900"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1436 chrome.exe
1436 chrome.exe
4948 chrome.exe
4948 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

1436 chrome.exe
1436 chrome.exe
1436 chrome.exe
1436 chrome.exe
1436 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1436 wrote to memory of 1356	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1356	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 928	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1692	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1692	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe
PID 1436 wrote to memory of 1068	1436	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://wixk.obs.ap-southeast-1.myhuaweicloud.com/%23?AWSAccessKeyId=C3NCJ7MAXGPIPAC703B8&Expires=1686513117&Signature=01NImT6iWIurZDQU0jrC9AzZWB4%3D&fixedpegdoijodqqekooivmvfukglbibmxvac-pagex-sawwnrwbjdrjnhdjffkorndjtifetchxsupportisecuredxpluralsight.comsafe-1MC4w
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffa50289758,0x7ffa50289768,0x7ffa50289778
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:2
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2788 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3688 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=832 --field-trial-handle=1768,i,14118820695071566171,252596891781839765,131072 /prefetch:1
  2⤵
  PID:3812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
162KB

MD5
08f3851748975142ef7c08a8ea1ce61d

SHA1
31ffb52b4d2e4263a2b5a19195ee1784bc884a15

SHA256
e374d418c7975a482356a79e25f0722ab71616be443cb19d96ef88706937bf30

SHA512
d4b86e69582cf1bc33991cd44eb1db26eff3013dcc7ed34d8b7d890be510ef3949a50332e732c22182a8fcbba418c6ba18aa031a6f0b5b621ea2211e665af3f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
e909e461dee9245e13cf6a6e02f2116b

SHA1
0201c5f204e7771eba25d150f7db7596462d000a

SHA256
b1c4898eb1b01bcb99e75aee2c80600e65b779b98577c8dcadcbd9a47359f842

SHA512
b3f0f89b41139ca41def3b16daeb7d1332899068e8c33fcb088db77f3eaccaa3709b741d4d9cbc3aca3b5b517e10e1f7df71ea10d149219d3d1a9044df9c66f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
95fa824475ae34351c176d33e3b82a7a

SHA1
84d08e3882e8e6bb8debebe904f3414bceefd8bc

SHA256
c3c0e0395df546c06cc53143fce486487c33ad0ad343fa09fba2bbae06595fd9

SHA512
2e7163b7b583eaafc572e5cb92210100b9c06c16a3290885d8053a1d4d56a1871e76fdad2be7b6400fe6bc19b3a25862756f77e79a7b3f903ceef55153cd152b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec4724a34b56a46caef22606563f7679

SHA1
f8eb0df1af34b00029fe947d87d77cbbd2c743ab

SHA256
12f60abf0c5992ca98ed6cbec7d0932f7e35a1288659e59450540f5cd4f07982

SHA512
a3d48d40ab638dd8c38dfb0d9c80c46b2182e10a7e54cd751c989f455742241b556da326e2605381c068e758a9c6fbe6a4b220cb57dc502bf55b624ba016a0f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
32b8de12af7b50fdcaf07a2f9140a903

SHA1
b1ee577937ab4b94b920f3c2a8069df2a486b032

SHA256
548b443cd35dd22b505c28d06e58566716f31534aeeacb324d1335551a2ce2cc

SHA512
e3ecec4403d17a1b2056ee661a42ad1cbe9b12654478e0cb6c9d24d06b7e95ed3714ab69d33d5c4dcca6cc1283b07aa3dedf67c74867ff23fdf38f95c57dcbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\f9142b40-395c-4e2b-a6ef-6e995f2a87e8.tmp

Filesize
3KB

MD5
e1b49cc80fbcede88ead2a5e6202d833

SHA1
c6568d7bca75ad751d7419a1c882f89783526c3d

SHA256
c180a96bda87a9a2d38e62e58b2e65806137c228652ff02838a8bd9ddf703e6a

SHA512
2841fe66a0f3dc7b7986ac5a36324c69770f02cf96c11a0b470826d2bce5ea66e1284b0e70844540aab5664d826ddcec002874d4a586dda7f48cf86fefb419a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c0d5f3fc6148616acd7a0fdcdf4cca2b

SHA1
c3b24e6bfd9282d2e4ce894ca87a930ffd44c2d2

SHA256
17a310cc1d0cbea9dd3ac4eeedd700201a8bf7d142ff1d31908ea7679203dcf2

SHA512
ebbc4ebe42b3621553867fc79b4cdf381e6577d76b558dd966a840b18116842f3f71b3c3721f3862f514c2fa87fb19b9fcc277b29cb370445f9c5e571be83c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
315a8561aeec09aec45a2686ba1b86c6

SHA1
4bd851cd34974a14c3203a6b94523698f44d9076

SHA256
7ddf504faec95f7b15a4298faab5224af7e1c7b8da09674d0b91f0bf99da6406

SHA512
881c75c5b5505096e3c62c65f9139055579564ece7daff0f402095a5cd4dcad8be28b0fa5bc5e88830a66b1e1b8dd3fb5f77cb9000446de54e3da1fa4be01f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
244ce12c20e48564c7d41c556cb0f070

SHA1
238cc98f0377ce7a795c0f91212b346dbb581403

SHA256
57863504a58ca1de3ae47aba99c8c2bbe45f108b536e48697e9059fb085c199d

SHA512
99f1615269682b5700f918b6c7b7ca2afb920b362dfd1ca94685174d659af1dabce0058a8da117bef838f02fa9ca39bc0b1602df4cc6373a7454429a455a5df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
8604c81172e96f299ba9703501a7ac10

SHA1
c0d7ee3f20b2e3fc4f5876a0681ef8a2ee68ff0a

SHA256
663c2579fc27b96dd073cb904490ddabbc2450f44c75d33a61f2b2000860394d

SHA512
b1482e11dc48b678573c36132eef942a2f7f9300ba830769e7f766fc87c0be770278eb57a58717601bf31c33c585e9a7db5176c79be2ce993d7557e7867741a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1436_OEKIUXIIGDVOHJEO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit