hxxp://plugstothesocketsprocessings[.]legitsteps[.]com

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-06-2024 07:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://plugstothesocketsprocessings.legitsteps.com

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133622179103615947"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4036 chrome.exe
4036 chrome.exe
5044 chrome.exe
5044 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4036 chrome.exe
4036 chrome.exe
4036 chrome.exe
4036 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4036 wrote to memory of 4832	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4832	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4424	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4848	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 4848	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe
PID 4036 wrote to memory of 3704	4036	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://plugstothesocketsprocessings.legitsteps.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab1d4ab58,0x7ffab1d4ab68,0x7ffab1d4ab78
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:2
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:8
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:8
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:1
2⤵
PID:4184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:1
2⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:1
2⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4516 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:1
2⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4664 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:8
2⤵
PID:780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:8
2⤵
PID:4816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:8
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:8
2⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=984 --field-trial-handle=1948,i,98788198465067995,8212445251158241586,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5044

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3348

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x49c
1⤵
PID:3120

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
202KB

MD5
6a16cbefd2e29c459297b7ccc8d366ad

SHA1
40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe

SHA256
9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60

SHA512
6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
8c61b188049e63a08b53cb1c6f4aa6ce

SHA1
57c709fd306b266b5ebb17142c753771cbdbb3f3

SHA256
36dc016a9c29135e3957b24674397be0f0122cd85b4b1baa6d35735ca09a3a43

SHA512
2f69010dcca91f81b5c09ac25d28e73690a82c6b40a1efd3ce9d193f295e6fbb3f72e815bc6d33bb4b4cdb327e697e5ee75c5ec36b1efaa5ad91b483c598d060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
95ff6a612cbce85bddb7f372ebe70e27

SHA1
7b0cae8aeb979dee387e2f366179414ae6ca7099

SHA256
ab161524a2cc0fc5be88ada71fe62e6d2b75862ed504177d2f3c9d2730bb1b45

SHA512
c65ec226f9aa18658efe881de64476e365fd98d059211f9f40022cb768361a9a0c4a1f0a00605443ec6ec66c436d6e669f3c574ee7457a896b74806e26ca4a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
15b38cc53e48417231cf5803fc9d579d

SHA1
6eb85c768ed00c98a6006e8becb595d555ef8d33

SHA256
c274834c3d79a1acd250d8308acc288b41f97bfc248670b8230ffed748c2782a

SHA512
7e5bcae4c270b8923acc1e639f9a939911e1ee1a9b2c34beba2777e97862ed7b518683f025a230e8e1c61a60aaea5676af66a42b43a305f6382e3a9171dd280e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fa03f4d95d212f294515cd4a7c66633b

SHA1
4fff77a5ae1ecfcd83b7fbafd1976558a4df6c3b

SHA256
8e3f054fa94e3b0d00567bbc4bab7a2ac46f30df8ef4d4928defad3ec70f78d3

SHA512
385459687a2e6cc1f3f393418bc5652114bb0a35a9a5e3937f8e7a6606d2f3e0da546d052cc1f121d4f4490d3b8381b4c1210736d9b666ff6777c1fd67ea2315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
319cd832dc6071b6cbf0839ea0367170

SHA1
f4007ea2aba7f002b98ed3e73e198799e6282693

SHA256
299aeb415a7cd68185f935a25621a2fd5c4a89e4248140dd38ef19c165fa4691

SHA512
7a7ae022fc1c2a8c5fc2f2832907deef1ec8ae7569895d04b29bc65b9863ae56a4430067284c0c259c5ec57445b11c8d99e25789917101c6d6cd031b8545b1cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
8d88666e5a610a067a180cd8beca5f90

SHA1
b3481c58deeae5839b5f7a70ba965bbf4d1c08c8

SHA256
480fe93048a7ea8071a62c149bcb7bec9bae52c548736bc5a9c1bbbff63a57fa

SHA512
8e4bf416509b562a78a338598a4d53cbfa83d18b0eeecd03ebcc52dd14e7251b036d6ff79db61b2217ca9bb1d1e786a113796cc92f8eaaef6e00170d80a10edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
89KB

MD5
09645b895bad56d78c092c5eb9b9ab1f

SHA1
fc14dc954736d7174a4c40334d3f81c98168822e

SHA256
191f7c6f8e91c9699d9f68bff71de4f592aa75cfbba539130e8767fcbbafac69

SHA512
ab83dac12e84e3b93a0ac546200872598cfa565c2366fbf2a189581e54c58835142b69f45fdd1f7bc809e8f8073635f8d4457a90bc7257bc426440cd12b60f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e00f.TMP
Filesize
88KB

MD5
c3777951433c6b375493c30443029fe5

SHA1
fbc2dc8c6a9f0a84fd6865ff9e3da92ae30c36dc

SHA256
1889af5fb966bf272ead0782eac411a63ca480a8f7dde7d0def4422b7f234c71

SHA512
351f37fd0d6602aab6b225208990b722d0c4bb6c35b05f5445b33041ba43f4f9b673e5fca84afbd65e80fd7e1a29d3c24f67433d2f67e2b977d90cd782cff4ed

Download Submit
\??\pipe\crashpad_4036_CYKCYDYOSEWVNMOQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit