hxxp://www[.]fojas[.]cl

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.fojas.cl

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

19 http://fojas.cl/

flow	ioc
19	http://fojas.cl/

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133604589503451289"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3880 chrome.exe
3880 chrome.exe
1744 chrome.exe
1744 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3880 chrome.exe
3880 chrome.exe
3880 chrome.exe
3880 chrome.exe
3880 chrome.exe
3880 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3880 wrote to memory of 400	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 400	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3344	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2412	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2412	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 3032	3880	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.fojas.cl
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd17afab58,0x7ffd17afab68,0x7ffd17afab78
2⤵
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:2
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:8
2⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2100 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:8
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:1
2⤵
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:1
2⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4252 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:1
2⤵
PID:904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3148 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:1
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4580 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:1
2⤵
PID:564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:8
2⤵
PID:3268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:8
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=736 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:1
2⤵
PID:1100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4452 --field-trial-handle=1984,i,14847718853306321006,17902932943983742137,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1744

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2060

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
204KB

MD5
41785febb3bce5997812ab812909e7db

SHA1
c2dae6cfbf5e28bb34562db75601fadd1f67eacb

SHA256
696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483

SHA512
b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
78918697b9cd7ad281043269f0d5907a

SHA1
a836176720af3a65f8c5aacf9ddd047839dc6259

SHA256
6ace3e46bf8117b1a127683b65f11ca6aa388b0d02a4a2a214c2b5f442038e40

SHA512
90314a871309809b8eb81fe1f5b07c1787f2641092ef2ae41418e019c84abc1900f29b34391cfd783e7b35233049681b7c309d99bab0b8c06e7233537c11467d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
77e88544bde278f6919ab40f06771465

SHA1
73dd88538282c6afbddcf224224b23e918da116d

SHA256
4a29628703e9d7cae67422c75a13039c0e69a7a7fd44a7edcd69a7018cdb526c

SHA512
aa555e35d6c9837f2f93c8c536950bd1d46adb4084a908f9103848956414356cec71eb22885fc5a72725bc665ecc94b0ddb25ffd061fe8d66b48557f90945e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
9ed6285525d741342e9dbf49c78b7ccf

SHA1
d94f1b1673942fbc788ff4da14e3f68f517b7ef7

SHA256
2c241b70b672061ac2a3a40e24dd044fc51ad2dfcd4ecb8ce06a7b83cb2162a9

SHA512
a6b628424d417e616c6590b59cd40e69c514bc8adf95e1ba251d962427f0b59395591d9bd53081c6f6375bc981e0e295dfb950025005e418e9c5d2971ebd45fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
22e1e613b5922c79daf245726f3380f2

SHA1
2b2a382f1cf97e12729ce8b14ad122dbbf61fc98

SHA256
88095d6ba8a96e8f19680f3fea0553770d065dc78d67d6c09601ecae761175fb

SHA512
295aeecd46728adb3e4e3d5798b82afd97a6cc905e633588178e266abff86def3c3030ce80e1974e8a3460984a07adaf27a3b4587f9e818e0429a215f08afabe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c939581f113de489808cd7aa3cab6953

SHA1
2efb2a28fc3cc9cdc383dbd364f21c975d3be699

SHA256
3a8c34891322bf452798c80731a915aa16e5039a2f9b4bcdea0d32cabf763c30

SHA512
213a4780c29b5f408645b033639b6c25bd4e2316d684344821b641a80611b5735caead3f07d9b7825e57bd4e382ed66df1d0535f5dca466d5057439c79d64da2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
8530d62bdf1ff66e9d04471bfed38b82

SHA1
7e1ab966ea7059dcab0c4a8d6c5c9b03d5d1c7c4

SHA256
084f2cabd3d3d1d250db8b632f6b4d92cb6173068ad27b052825a58e9e80c954

SHA512
5440d2725db30c2a60feed8e5f44abacb18e7e5d574ae2fc1d9f5f0958d27791f0805873983b70b5f00e8753a80b29dccdc1e70d79f1cf3859c3abf66687ca6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
2ec7e7a16271deaf1ba55d1f8417eea3

SHA1
8dd84d581619963bf0d07ede1b378148df9e2611

SHA256
690a442defd16932e202bca889fc887e9f6b5f8a40da16f6159ab9ce81fd1e85

SHA512
097c83c9f2c5e960a3b4fe3d43686d1add43c7e7a33b34e8095860354d31657f60bf70d7f85065a51c1edd1827243ce540bbb354131589cdf8bcabf9bd6b547a

Download Submit
\??\pipe\crashpad_3880_TWNHDSSBQFHEQYIB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit