76cab95a6d078d2dcce63214619240243f47b93f4af33ccb3522874a9b4d9bea

Resubmissions

24-04-2024 14:08

240424-rf14mabc7w 3

Analysis

max time kernel
599s
max time network
568s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24-04-2024 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Exotic.exe
Size

17.2MB
MD5

533169ef2b91663d0b2edccee76ae7d2
SHA1

722bc47b68197f09bcf39a31ff495252abbaec07
SHA256

76cab95a6d078d2dcce63214619240243f47b93f4af33ccb3522874a9b4d9bea
SHA512

e894237c3b776ec306b3228ed949a0787af4f5a40eee14fdea1f97a81fa0c8aa2f6bca1c7280e3e2ae10c31a650cbd101e6bf6cbbf8eea12067580f96c52957b
SSDEEP

98304:chnb1UVFAYIcGh04mlXujC/MB6XxuY5bzE/D9s8nEm5VK:chnBEkv0sKYu/PaQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584415214242703"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1412 chrome.exe
1412 chrome.exe
3884 chrome.exe
3884 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1412 chrome.exe
1412 chrome.exe
1412 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe
Token: SeShutdownPrivilege	1412	chrome.exe
Token: SeCreatePagefilePrivilege	1412	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe
1412	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

4508 MiniSearchHost.exe

pid	process
4508	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1412 wrote to memory of 5016	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 5016	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1224	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 404	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 404	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe
PID 1412 wrote to memory of 1496	1412	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Exotic.exe
"C:\Users\Admin\AppData\Local\Temp\Exotic.exe"
1⤵
PID:5092

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc3e19ab58,0x7ffc3e19ab68,0x7ffc3e19ab78
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:2
2⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:8
2⤵
PID:404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:8
2⤵
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:1
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:1
2⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3784 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:1
2⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4196 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:8
2⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:8
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:8
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:8
2⤵
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:8
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1780,i,13431601789972414500,8866724472301809196,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3884

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:232

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6b63667f-7bb4-442e-ab84-56614e98c36f.tmp
Filesize
252KB

MD5
f482d33e9dfc88312019ad9eced841dc

SHA1
dad9a4c59acbe743a2f66aa12a245383b542d2c0

SHA256
00c9caa7a4d59d82d50da8a543997b8ea0249fada3d6205083433e21222a3920

SHA512
5c361f98e0b94a073604b7baff8882cc62b948ae13ef1007148ec3f2ea980375ce7aa019cb6e4fbc220a7197f45b58ff4f996387437aef25c2789e88426352b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\066b0c2f-99fd-4cd3-893e-0edc8004319e.tmp
Filesize
1KB

MD5
4d9ff98645f0fa0e71ae3973aeeb07d0

SHA1
a57388cb4a166ebba1f75c062fc222b6f9675b5c

SHA256
fc365567eb2a97fc5935fc74753274e6b3cd6bbf6e7506206eeaad77c30e0a37

SHA512
6874ef1fbab8106e6390b000e2b0cfa6aa2688fdb3450dd985a37ef543fbc7a7844a40cad96e14916e9b1c77a5a93fff4961defe78089fd735238d649410129f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
e954bdc60c778fd178c6249e42721d51

SHA1
11706d69a8d7c1318f9b611d9871581ff23af589

SHA256
7c9bc6904fc3d234945ac7812d7829a029b2d1e5949aa4b07b1960a6c3c14a2e

SHA512
c5823bff9b64b16c97de2ba4e2eba43654443782d049f406e0397ee60b4e13ce3cc4c5eaf149045edb146bd25434151f40cb3fa4794d34d61a4e3287e7c4b0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
bbfa1392a71e98c6a11e74838a959c28

SHA1
974680215123d2b54a3eb02ee270fa193206a3be

SHA256
2c6d4b18af5ef1b0b582ea611a93285d2ff169cc5d393e9ed27414e945615f3b

SHA512
57e357448311b50c616969e0768b035ce787f696bfbbbc189c5ceabdc6b8970a871465952f92230897e6db22e60ea9af9dfa2ce2b9216e4e0d53d218b1c839db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
354B

MD5
8354f30148e94ed16097b5229130efbd

SHA1
2f3721e6f2160945ed6e70e0e7b96429ec47f969

SHA256
d054d90eaefed8a70359073037d060f512c070d6721cdc21bb1a6ea7b08d4e97

SHA512
11c78034bfef06797651a530fec960ba03dc935607348cdd0ee86e46d94be1d780bc69fe10dc29665de4ec48135424ede17b957e862b1facdaefa45036fe9837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6e11a7f069c581be88a806d3ffd32a34

SHA1
af9887b0661818f380ea2db5409a27f87798f0c9

SHA256
80a0dbe9770e0846e753578888ac1271ce9712fed888c1539a6eaa2525ec4845

SHA512
ce32d95e91e2b94e31ccf7c30f2dacbfd4726411608e1cab026f7ba554a0244ae522c9ba78ef8c54410eea386391d346ac12fefe6559c5fa3e46069c7d40dc1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
093346167d6dc8cc145ba46b82403d79

SHA1
03fbdc2077ede2047a21f73644722782f1c59095

SHA256
98f15aba6742307fdf100a3272526a2fc217856e009ede7e047d238885af1594

SHA512
8a8d4fee6430307ba4c3d2c7f59db2a7ba00871fa17d20f123c47bf549b8b60b06a23deef904b820e0ff7becde6668a8e698a51fa50066627ec14f2525b05995

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
96e6e524a1efcaa25f44050dec4800cd

SHA1
b9715e1e8f57049527957eae03c053bfb1eb8880

SHA256
92963a271f09cf456fceb337c55409ffae5e84413c92781cf70e87269e130f4a

SHA512
ba3d5688994ed3f088284bd39a49d20a461d1073dcbdf104e1bd96c8aa2927474e6f6e3699f607c040327f6b5ba27bd898ee0bbeb5041c21f9a47251950f7e41

Download Submit
\??\pipe\crashpad_1412_YNOFJSPZDLFXBGYW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit