hxxps://rollins-mkt-prod1[.]campaign[.]adobe[.]com/rln/getImage[.]jssp?m=04202313-1-2115213-13June04-21&e=boss&l=brandlogo&i=hxxps://adfs[.]web[.]app/s3RbakFe5rx0qwi2Pntrustdy9s3RWO3BM2

Analysis

max time kernel
1200s
max time network
1089s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2023 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=04202313-1-2115213-13June04-21&e=boss&l=brandlogo&i=https://adfs.web.app/s3RbakFe5rx0qwi2Pntrustdy9s3RWO3BM2

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133301626282971990"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

632 chrome.exe
632 chrome.exe
4708 chrome.exe
4708 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

632 chrome.exe
632 chrome.exe
632 chrome.exe
632 chrome.exe
632 chrome.exe
632 chrome.exe
632 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 632 wrote to memory of 5028	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 5028	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 4100	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3336	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 3336	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe
PID 632 wrote to memory of 1224	632	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://rollins-mkt-prod1.campaign.adobe.com/rln/getImage.jssp?m=04202313-1-2115213-13June04-21&e=boss&l=brandlogo&i=https://adfs.web.app/s3RbakFe5rx0qwi2Pntrustdy9s3RWO3BM2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb46e39758,0x7ffb46e39768,0x7ffb46e39778
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:2
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:8
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:8
2⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:1
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:1
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:1
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4704 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:1
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4648 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:1
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4992 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:1
2⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3376 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:1
2⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:8
2⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:8
2⤵
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2796 --field-trial-handle=1796,i,6958961431541445793,11329032346216087249,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3092

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4f7d82ef-2359-4c8b-a04a-b9088d85ddab.tmp
Filesize
5KB

MD5
2eef0796e49a6587d8b088248b92e411

SHA1
9722b9ac97edacc7cd3818bab9395e40a25463b5

SHA256
e562abfc9f79a46e194eb72cf96453a5acfeb62dca5a3cbe8b625f8d31b97bfc

SHA512
87faab9ec0933b6ae0a7164da24c1a11128ecca3ba13178b23575a4b31335285d1283eb6992b5ddbd3d78adc1dc4933105ea47d05f3ea98c3673d8cda9bcbe2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9871b640-41ee-4805-9898-ec513596ec78.tmp
Filesize
6KB

MD5
e8a467f5060ac50282ac043b66844387

SHA1
5c4a56ad30808d63d95619c8d387b7fd4fad73c8

SHA256
d429fb673216fa23a1e936625f0f5635d296764d5b0907a4253ce7fe3ccebf0b

SHA512
dfa0fcbf28a779dc162a895953e498cb92725c0ff11f8f790908f5fdcb7db8097296ade54180fcad7e0f88cccc527b5be48e3874a32adf5d1c49c81f1dc2937c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
57f65a4dbca24d62542618290dd6a5e6

SHA1
e332e7bb467c6b5f909d3dbfed7c35b88c0cd6ea

SHA256
cc5ba1b4e520edd0de0cbca196e9a823c292fa8813610483056863df7febb5e6

SHA512
4ccc69563b7e051f6ed59fdcabfe088af8c8f5e9d51a2242c9da26619161f9f507392082d075cb93ba351cc86d7268b1deaba94b5af03f616b426ad97597994f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
b004d28b8ad2bee2ff612626a79201ba

SHA1
2ef41ae6201c137a9ed1b751c819d185e8c612f1

SHA256
fcd18408c98fe8dde441cffdd16820e35e24fee60cfffa21bf26172b7f2cf67b

SHA512
220465e82b75b47d98ee22a3e6bf4a521a3efcca60a98486913b430d01a09927d9056fb15b4844bff7ef077f8fbc0f5f281b494ec599fbbba76fca2784b4b473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
1e8044b73d41afad7b7b7b9c49e70599

SHA1
7fac5f22c83a8c6473f02f0d3b20876f30af26fc

SHA256
f6364852515b1b0386ead5a526209532f26f13737ffea2edf11a716e4025b584

SHA512
61a2450eb5e16d8eb2aeca6739f9dacabaf8e13a2a7297b20db0f2c08d616a2549aadcfb001eb7c6b29e346460ac82d100e0d3320f6336004c98c27d4c358f06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
1fe2bfedc7286e1f8d58ad13d7428e97

SHA1
0b040a6d83cf872bb1046a6ace67b96b9716eb93

SHA256
a6ca7a67a00341ef27a2821aab4246d2e86984ade54d200e8a4acb719fb14ff0

SHA512
7ce6ee7368321364a3daf5cc45e63b28a9ca3503d03c29dbd4b5a0d96183a3546b8df5de116b9b822eeec1f7a6a77b7a729a84c39ead787d40195ded48050602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
158KB

MD5
635029334b95196b4dcdb68525d3654c

SHA1
9330c81aff54c980c39051fcf4bdac717d2b264e

SHA256
82b935a31350c66256c2e0734913c3f4789c02d43febc3e48b791eebfa9ff0b0

SHA512
ee85c496f242678d9019c80c9a379cad86f7b5d56eae3a45d08548495a91aaaf235a21bd6cc1f2e5145c461381d8f2450a55c69efad8f41060ac418e98445ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_632_HAAGNHZWCGVFACCH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit