hxxp://ncv[.]microsoft[.]com/8ozDN3WlSW

Analysis

max time kernel
104s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ncv.microsoft.com/8ozDN3WlSW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522430030461603"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2040 chrome.exe
2040 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

2040 chrome.exe
2040 chrome.exe
2040 chrome.exe
2040 chrome.exe
2040 chrome.exe
2040 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe
Token: SeShutdownPrivilege	2040	chrome.exe
Token: SeCreatePagefilePrivilege	2040	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe
2040	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2040 wrote to memory of 1828	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 1828	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2644	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2760	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2760	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe
PID 2040 wrote to memory of 2832	2040	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ncv.microsoft.com/8ozDN3WlSW
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0x108,0xd8,0x7ff8d9c69758,0x7ff8d9c69768,0x7ff8d9c69778
2⤵
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:2
2⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:8
2⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:8
2⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2776 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:1
2⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2760 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:1
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3964 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:1
2⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:8
2⤵
PID:880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:8
2⤵
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1772 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:1
2⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:8
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5128 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:1
2⤵
PID:3660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4916 --field-trial-handle=1824,i,11074740939504206147,4109222178737000188,131072 /prefetch:1
2⤵
PID:4032

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
489be18f777081c1dd1eb0b1a9aaaa56

SHA1
727ba0c6fbc0f68052ffc4a5edb713c0fc24a69a

SHA256
c43dba01a8d97896a30f43b9dd92e01185ac570180ac7be5a31e6eec4122d30a

SHA512
4beaab9a1b9f3ef4011db8529b097aea90861251823fbbb5374beffee3927602a4c4c66b4fa9472e28a857d3b5380c629ee75427fb94e159ecd22695ecd7374a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
01738bf3e11331989e42bb34cdfef63a

SHA1
3f6dcdff30c0a463f3920c975c086e12167e493a

SHA256
82d3c7705a703bfbe98a125f5668682dd7256cfe5e69c1e4185451602d529687

SHA512
f3faa9c604bf2f92c2294331e36a1c8cde580510dd742b347c7a6254a31e875cc55a2662cefdaf1134d778bf71f68a238199b4ca2ea8f07b166019f0c74aa2cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3f90eee7bf323e46b8583d47d2508ddf

SHA1
f13df73a915aca8c38450cfa67eb8b6fa6c08aad

SHA256
f4cf5166c30b236d453a40fee8be2680311404d6e3da434d86666963fd53e4ef

SHA512
d84e97f1b29b2c5ed3c65375841d46ac89f2c030d855cd06a9ea1f0e14a9ab5e2a2d2bd8c5ddbfd26a9216a3e6342f3ac99835cbe5ad90cbfe434a1db55d2db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
67fe0a39219b895103b2b981ebd554ac

SHA1
6dd66dc60d6e3adf1f8bc7258f6a997393e3fbca

SHA256
203a48c2562c4de7393c91bd2a94f017953722368d62e733ffaff9c709413b65

SHA512
5772435922d9c36f6419a41c245fc86f3b470bcd6c38feb7e10ac4efc7e8c3ecbffc03eca0b04ac30cba8a05de6025c098354b3dafd18960fe1912eb8aa53154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
8ed51be50c54dd18ac1339177acbff98

SHA1
d410afd4b0c3daeefa86817d5f0a26efa3f760ba

SHA256
bd86adced95a719fbb10a8f8fac82091b68a617bc02975d20bd4ad3f688af473

SHA512
221774aad27895861e2086ccea3d05d368cc905b25de7c7173473e65449cfa41abd5a720b0d515812650abf5b7820cbf9f0d86760824751c79a4c5101a2d2e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0823d6336c91e94537b52e058cad1385

SHA1
f02867c902b9a9cc02dfde5d419d53ff4a968210

SHA256
8ee1ec5c7d1afa5114a0fb96157b49f9d2d1a1ad604c10b6913fb2a426c9ae99

SHA512
1479d092e6907b7576d6945fc20268fda4badf32a1fb0d5d713db4a88bf00cc098be4bed529e2aaaa90d1d5ea9b609e56991fb4ffbeb3634f1ac27d5b5565885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7120b9f3ce46415dea1325cd2497a681

SHA1
706f03b19331b99b5d6893f2ed4e6b39c0df9293

SHA256
06c122ed7036089fe7c447f67eabc1bbb67d886bf28a0c6c291dedd8886d15fd

SHA512
4da2fecb2305ba0eaeba4d5aef77d85eae564d1ebea15d9b65f0fef185e02aaeda44be9c02e3c3a0bcecb2d63c8529d4f9064e32363df314c61ae3a898bf2e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2172ebc182a04dde6cb95a06ed140111

SHA1
80c8e6d05decaf917b8201022bc82c431756aa09

SHA256
4ca33e9f0896d4aea6f0dfb5926a98227e9bd5eaed8b87edb5b29b7cea329901

SHA512
db9cf91e2eb6ba3a26c0976169db58c1f3cafb665619aa46a3777bdd18428b0332c883e9e76d842bd458282d0506ab707688ce6951033eb74479d1f82377815e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
29479d01492d877a0125edbdc19c3883

SHA1
63a9eed74566dd23caede9db4961ff0c8c9a9ead

SHA256
92122ac0f825ee8327767927d962ccd3eb6b2b1e932a6348880c199f282aa6c3

SHA512
552d2cfce9896a440833351f7f669c765a505a0c60cad24a64a5d7bd02b1a4ac2369ba563332631c48eff71addbd595f68a5294bf7e6073ed0dfb34702abd002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
2d351a27ae915a5e009036952eca065f

SHA1
17fb4fd5cd2ac5bd1d4bac92ca2f5dc8dc25e98a

SHA256
d3d210b8f19596d100057b65a1cfccf9c08ffe3aac68cf40f265bd38ae890949

SHA512
44f17862953c6858431483d5c751346694aeb244da2c534cb8a6b5e5cb8467cb636211d5011824d22b5dc1e2dd3950ae18fb77b0267359d6955fcb887e6e22ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5808d5.TMP

Filesize
97KB

MD5
dd2949438b2373058644373dd7aeefaa

SHA1
1824098eaa5f4285df21a118e3a44bc816777332

SHA256
3f57029b385c3898086aef57d5dfd4d180d977849dc1d814c76d179df28d601e

SHA512
a710b231f4075cd2f1172089c77970f0ea05af60d99487836aa65252f87bd199121be4c91ca65a10830dfd3125b704ee988c344502930683c5838da6be6a70ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2040_IJJENTMTGVAKTBHV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit