hxxp://track8056384[.]fd1events[.]com/9148958/c?p=e1ghcRiq7E1bLzNjzUofbYJv7c4w8xpTOuqXlVVZr4dvbbsUPwvZNxpzpV4GRB1PYRRNi0z5iBYeE99OZEXH8XAjeRBjsulBBcHcBBQR1q_wFa4dTI8R7uMtYLkWisriJvSojyVlCmMvDzzK0QNpWe1brN3FPakkJqXypGYogfdihdfnNM0znj-4ncz31VDVoZo6aD-gTJxprbFH_flvGXG_MlJox0MNbZCpq9R4wd61mft7-HLoQUprDju7LqYLyuoxl2wFp2-tY3wVoqsfjPQvMJ3yop_93T-ZH1MPj243dNwDcMkyXEqKdQ-7K-GJW0a8eD1CksrURPN4kQYxmQ==

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://track8056384.fd1events.com/9148958/c?p=e1ghcRiq7E1bLzNjzUofbYJv7c4w8xpTOuqXlVVZr4dvbbsUPwvZNxpzpV4GRB1PYRRNi0z5iBYeE99OZEXH8XAjeRBjsulBBcHcBBQR1q_wFa4dTI8R7uMtYLkWisriJvSojyVlCmMvDzzK0QNpWe1brN3FPakkJqXypGYogfdihdfnNM0znj-4ncz31VDVoZo6aD-gTJxprbFH_flvGXG_MlJox0MNbZCpq9R4wd61mft7-HLoQUprDju7LqYLyuoxl2wFp2-tY3wVoqsfjPQvMJ3yop_93T-ZH1MPj243dNwDcMkyXEqKdQ-7K-GJW0a8eD1CksrURPN4kQYxmQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522348353991858"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1228 chrome.exe
1228 chrome.exe
1228 chrome.exe
1228 chrome.exe
1420 chrome.exe
1420 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1228 chrome.exe
1228 chrome.exe
1228 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe
Token: SeShutdownPrivilege	1228	chrome.exe
Token: SeCreatePagefilePrivilege	1228	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe
1228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1228 wrote to memory of 2532	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2532	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 2400	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 964	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 964	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe
PID 1228 wrote to memory of 1488	1228	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://track8056384.fd1events.com/9148958/c?p=e1ghcRiq7E1bLzNjzUofbYJv7c4w8xpTOuqXlVVZr4dvbbsUPwvZNxpzpV4GRB1PYRRNi0z5iBYeE99OZEXH8XAjeRBjsulBBcHcBBQR1q_wFa4dTI8R7uMtYLkWisriJvSojyVlCmMvDzzK0QNpWe1brN3FPakkJqXypGYogfdihdfnNM0znj-4ncz31VDVoZo6aD-gTJxprbFH_flvGXG_MlJox0MNbZCpq9R4wd61mft7-HLoQUprDju7LqYLyuoxl2wFp2-tY3wVoqsfjPQvMJ3yop_93T-ZH1MPj243dNwDcMkyXEqKdQ-7K-GJW0a8eD1CksrURPN4kQYxmQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb80799758,0x7ffb80799768,0x7ffb80799778
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:2
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:8
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:8
2⤵
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:1
2⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:1
2⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:1
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:8
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:8
2⤵
PID:732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:8
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:8
2⤵
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5568 --field-trial-handle=1888,i,13018168850017622627,7007562609960563585,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
d5ea0adcdcbdd96e1a09959d32883e69

SHA1
a637e409ac2c50fb108ba6337df0d4b506e4bf3e

SHA256
872b50dd85b502105d5e88a53a07f4f747766cdab2c9555d2ab17732138d7bec

SHA512
bc4c514d48065f8c9f70abb312bdb3c4f76401632294810c5585d4e213597a2bf0e8f9481363a4d03835019b5899d635f9cda5ae6db1c85b2d6d6ca4ce262e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bba32d13adb63641dbcc838a2fe16677

SHA1
c5e9033835711debe499ad444c329c9a6104ba80

SHA256
f0a3cb637203ef4d8601815457bb27ee0f0df359690fbed4b297907b9e50d257

SHA512
4e4c96463d5031c99c6b33ec2bb5cafdc4f852e9f701bb8f584f82b022c95a77ad933ccfde3d6a7d6d8f4b3cd5ec7524692190106f051c15f7cdb1c06202b4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
496b0ac028449be4e02c756bacb669c4

SHA1
fc462f03c5403d7c6feaf42e571869f5976c3f9e

SHA256
072d7e45c4ad36674e42ba6d90bbc0062af4c57277f6bd4b0c4909fe5c6103aa

SHA512
81435e60bb97c225496d1963060ea61669545b567042696fb009de572b81c55c6bf9132e8864f0ffc076ec714a1c4062c7be371f50c593092ca7135d13f5a8c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fc8a040354829e450a3abbd7b3c52942

SHA1
332d38e2096ec471bad51451895c38186816e1bf

SHA256
a36e313e6b23f9d253ed200b2f95f35139f3f35b6a82d2c6d3ac8f9921afba41

SHA512
78fe476ae5bbf6939a08e59c7479f9c5d3f4eac759d3f7a059dc656f53d69511f57055c7eaed8990d56ad28c2c8ac6905670f406f6c180f39624d777352d701f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4827fbeea1b87bc083e1856ca862a6d8

SHA1
d65e85e5b28fa8096a580cac592a81d77b6349cb

SHA256
87cac273107aab96a9e896aa086d99b635ca57cf8949c7a5d644c60814f0442b

SHA512
5dfbc63dcbfeda46be988be60b2ac431a7000722cd32adbda1d065ec9471561107875479b071e10b48f4936b50111383853e496f5c1d3ff0b9260ea1bd6bc064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
094d4d8ab143f2b58b737dc176f0e59b

SHA1
410bc19dd3b2267b7fe8df2264e2cc0bb8e58a72

SHA256
8169c42f1b3cd729af78df32368c104b815cf9e1a98627f93636b191969fea9b

SHA512
383b631d3584fa6ba6ab40a74fd2fd45b1a6d96ee1003e8d44bb97bad42e7440f8d189dd223e1170f7ea62c8ee77dc35bf0eca56bb9583fd65f32617a32846e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
847a3ccd3ed139ec7bc6566732fbbcc5

SHA1
88032380280507bc2c95d075614fccf970fdfab6

SHA256
a5d4ab7812b34d9cc2ba479472394813efa707f6c15fad7a3166203caaa4d782

SHA512
83eec7c74fe3bf918d4f8a0944d360c1325d90fa66b83dd54157224c35a760fe26929172bae38a25c088ecc8cf2ec41736f4e73231e0817ab01f7e68dd9b436f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
652d679c3ec49b5e97d776a5464c0711

SHA1
1a5203eba050dcc316db921fac792d2f5e2872cd

SHA256
33b962b0788e3d526f2b6817df3af2e94f4566999edc2f318a556326c1cd8681

SHA512
75107aa52e78a8852a8a589725093e9650ab0a7af4af25009780b30d02142eb8b286bc7f42e8fd8528e09c03b579f91675faaf6a465915e3b7fb926c5b62ff8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
66b1f45bd79de1562166f1d5769184c3

SHA1
279cad212bb86b29f8e8c0ed12bf2092457147b4

SHA256
101faeb7af5b2e5a448294a8ac63d39e55bad28c3f47c65c4c9cf53aec4740df

SHA512
4ab191b321b097a29fa3912139cba6c1c02bcb14014d137521169df6fad8e2a88e5937c325064d5a901299459daffdff1c9f19f6f79faaab4c91dcdb203ee185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
2e400694a5eaffa5150bbafed23cad43

SHA1
4c78b7a584f2d66147c1084008de641970301570

SHA256
75703e4a3ff5885d73a167750f10343e1df6fe0c4efb530df249575b4f15d8d1

SHA512
72e45848d7c78c125e98aff3bc7ab0aea3f3234c24abba5cacbb74f6c700a5796df70d90fd97fb24add192fe865a89504a53b4b1f744513092497532dd4b98c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_1228_EEMQDXAESBAAJLEM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit