hxxps://ddec1-0-en-ctp[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2fwww[.]worklsupport[.]com%2f%3fcid%3d64022213%26sid%3d1545734%26lid%3d4412929%26o%3d0&umid=bb50dc62-bd6e-4314-989a-af873d9cd48a&auth=f14bc2ff7d71f5404871dcb86676aa1a0657ce0f-a61feb3c07d5eb7fea2c199cfb55d8d4c880ece6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2024 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.worklsupport.com%2f%3fcid%3d64022213%26sid%3d1545734%26lid%3d4412929%26o%3d0&umid=bb50dc62-bd6e-4314-989a-af873d9cd48a&auth=f14bc2ff7d71f5404871dcb86676aa1a0657ce0f-a61feb3c07d5eb7fea2c199cfb55d8d4c880ece6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133566000653683214"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

644 chrome.exe
644 chrome.exe
5044 chrome.exe
5044 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

644 chrome.exe
644 chrome.exe
644 chrome.exe
644 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 644 wrote to memory of 1632	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1632	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1204	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1116	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 1116	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe
PID 644 wrote to memory of 4920	644	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ddec1-0-en-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.worklsupport.com%2f%3fcid%3d64022213%26sid%3d1545734%26lid%3d4412929%26o%3d0&umid=bb50dc62-bd6e-4314-989a-af873d9cd48a&auth=f14bc2ff7d71f5404871dcb86676aa1a0657ce0f-a61feb3c07d5eb7fea2c199cfb55d8d4c880ece6
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb1ed9758,0x7ffcb1ed9768,0x7ffcb1ed9778
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:2
2⤵
PID:1204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:8
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:8
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:1
2⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:1
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:8
2⤵
PID:1132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:8
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5244 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:1
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5280 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:1
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:8
2⤵
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1864,i,4832604385550253975,13417452301417998765,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4016

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
1eb54c72139c20b0fb42ecfb78318147

SHA1
09e1a1f1a3edec494370b84b69a4840d6b222a73

SHA256
bb9af9ef853c5d9b3a8c9ba19d43b9f36e910ead15c1accf315aab6e9e332114

SHA512
e171ce0384038b6fff0debfb7df6de6a42a75b97a3e050b08f93759e7153477c51c0cbbd73cf328581bb4124f9cbc0f9a22847794c0707a4c58f1f9fd4bf4cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2ea23b70-d75d-4a20-b027-920ff3c20095.tmp
Filesize
2KB

MD5
25de86d80f6b89443bd8f2733ea67e7f

SHA1
27c8ed3f2ad22b9000cfbb9fbcbcdd7de26c9b8a

SHA256
233bf7452836df2b27be2384275ecb5227719b58710c244dd2b19851d971fd8c

SHA512
fdf81910d570b264e85633a6e41d83460b6bfc04bebbc855ec2e138cf54e4689a3ff421c93394671dcf1b1d6a54130d7d8ebf633f0592c6e8395dcc1fa10febe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
765B

MD5
8f64832a71817f389836a1dedaba7279

SHA1
7a1d877657670e7ed6d142280eb5ef80405d8d1d

SHA256
2411323fc5c27fc38db50df5c71130e0c5c3357f0efe5404b2c569bb587ee8bc

SHA512
a5060e4465bc08cb9a78f49e95437b820018eaa8bd44cbe32354a05df49938e143733a6677f407cf273839ac85da838306fcacf56ac5f0f6fe848a4078d12e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
8b899b92b32ca6a9516c1deb148ca187

SHA1
8c73a463e43f45f8e09f33cc748b93542551d031

SHA256
25469aa06684d9446671212bb436ae095cf339cef924ee84128ffd94fc0cb034

SHA512
23ac4ebaca430633d05a1056be0a06062079730c36e1e3c08b523fa562036072e3632cc49989f70d5134f4ca3243db21d7371a7202db0a35cc76fffd98fe06cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
7427938e85258266da44629902986976

SHA1
b4ebb700d5e55a47ba644b1e8fc0d55c654e0270

SHA256
806a8a7af313364b5ea42d0ccd69bdda9e2ead76f5380fbb5a79a7ab2684ce51

SHA512
ae86b7f737074e5d5dfaf1eeaa70b521356ada79aed5653e44e6765bf4e2d200a8ab0dd71189e0426f8ec389629eaa8241192e56d222f957de8b3058d7d0e860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
691a12e534e35c71724b05a14d248ffc

SHA1
182aaba78393f0e63081ad96ab2829e8ba4612d0

SHA256
69e9bcb3ffcb08fd4492c0ae5a000452ab649193f2085bf6ddff545548b8910e

SHA512
321b9f9fe53404ca945aeb7a23e0dee388c38009e63473c75d362429a3cde8aaa4502e1d925c6ea58d51f50c962d18cd43b8e1132ab29ad008d55825ab3734bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
534B

MD5
a4082000cf96d6d9e45702a5c8c061f3

SHA1
1c1d55649573a43118fe11bdf098360b328885fe

SHA256
1297a737dce798b76634016fcc8d8212cb64cd91945cfb56c2c7eea55447f816

SHA512
024c3dd836beb98e06e10c0796f67a4dd330e87e5d5dd57c1fe00602994094cb9a8a64cd65c7b780241d648fdde22bc862af774e1d457697a0279fdf8f9bd385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
04e949e48b7b9e6483473e7feded6757

SHA1
9f9d42b1cd3ea32e8c0dc714f89aa0c1fcbc0794

SHA256
724e2e41a12b143e3b5685d6cdd6d8d82ca49b980ae82545843be9f1b9811bb1

SHA512
7eb4bf89ee5e0f4059afc11756a1490f4f44c136f38fe1e953d59743d9ff4346fb839e2f9450c82f4a8d0c008e6e90d6592cceab126e7cb705fd5e1d9627a623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ef260c65c71584f5243df01a9b5e09cf

SHA1
5f24ae122486ef5d28436c9261bea416288eba27

SHA256
d4afb2302261718416450eb9ec21eab6d32419129b0c06c232034c8a550e69ae

SHA512
01ef837d3abfe7705f3de04916933a7a1d565ae1dfe929b8a49dffa0362a001645cb2cdf6e8c2430a89b0151133fc437936640596e013160fd0b879ec8f6f564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
1f9daa31bc4af442d155fbc033f381d9

SHA1
9eceafbb8a37a4546101ee737f094ef9f1bf89af

SHA256
e440befe33e373c3e032c0ba66a882c7484cb29ea3211a0efcd543059fec6b14

SHA512
fcce6da8edd14127c3376949f13776fe571753aba729868a03ad9b86d1c546b2508d7cac98f39aad119559f2bacc5815a86e39de3e5e5fc00c459497ef8d4ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
370bb4b868eb460bba8093c3c91559bd

SHA1
f7a720b0b3a38c4fcd87ef169a4141935dcd26f8

SHA256
4a8f0db4deae3dfab70c647f49a3a32cd95b8af41cf94c517688038d79ef9a92

SHA512
ce627e6b8fae92d2f76cc6d3aa6b104e9ad594ea9218900495a7bf78fa8e0a78e4810a91706d439539714f557a849965770e2cf28cb041d0b247c15b7a696de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e6c1.TMP
Filesize
101KB

MD5
bcc2674082fec0a4f2ecbce42b288ec5

SHA1
3a00bcb26e85b9de69aba2fb096fd44971555dc8

SHA256
5a81787a0886ed2250e0a769e749449b659768c1ab21d38d15ef99f9dd41986d

SHA512
b764ed0e801db8b08fcac246751cbb41ec946c75e17de4edea68ed3fc874538d0fdf99b4903dda2df0032888fca1851fbb5085585c938cc2d35f9ad4479f121f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_644_FJWFXVAHCBBAMOOE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit