hxxps://knowledge[.]broadcom[.]com/external/article?articleId=145804

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://knowledge.broadcom.com/external/article?articleId=145804

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 2 IoCs
phishing motw

Processes:

flow ioc

41 https://supportqa.broadcom.com/broadcom-theme/v1/pages/header.html
41 https://supportqa.broadcom.com/broadcom-theme/v1/pages/footer.html

flow	ioc
41	https://supportqa.broadcom.com/broadcom-theme/v1/pages/header.html
41	https://supportqa.broadcom.com/broadcom-theme/v1/pages/footer.html

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133632849461966384"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1552 chrome.exe
1552 chrome.exe
4184 chrome.exe
4184 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

1552 chrome.exe
1552 chrome.exe
1552 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe
Token: SeShutdownPrivilege	1552	chrome.exe
Token: SeCreatePagefilePrivilege	1552	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1552 wrote to memory of 1936	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1936	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1860	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1588	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 1588	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe
PID 1552 wrote to memory of 2444	1552	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://knowledge.broadcom.com/external/article?articleId=145804
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe33aab58,0x7fffe33aab68,0x7fffe33aab78
2⤵
PID:1936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1816,i,15424049798109965668,16437690081760382258,131072 /prefetch:2
2⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1816,i,15424049798109965668,16437690081760382258,131072 /prefetch:8
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1816,i,15424049798109965668,16437690081760382258,131072 /prefetch:8
2⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1816,i,15424049798109965668,16437690081760382258,131072 /prefetch:1
2⤵
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1816,i,15424049798109965668,16437690081760382258,131072 /prefetch:1
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4408 --field-trial-handle=1816,i,15424049798109965668,16437690081760382258,131072 /prefetch:1
2⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1816,i,15424049798109965668,16437690081760382258,131072 /prefetch:8
2⤵
PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1816,i,15424049798109965668,16437690081760382258,131072 /prefetch:8
2⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1816,i,15424049798109965668,16437690081760382258,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4184

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
09ae9ae698d06016496430126483bcca

SHA1
b18932747a8d64c53e69c8fc5f17fa77a3a78ec9

SHA256
25a7076e7ae5dbfbdf8570162c8be9395e2ec01e4f8f4a2beac9e81ef5253b84

SHA512
27483839a73ac77c736931abee94b643a722bf95f29dd7d2a744b6612110ddbd4389ea0a9f2d66ee8cd69b4ae52dd9e888aed79251c5e50aa8d20f9b89c176c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
080cb1e0fb427cb9f1561553b9023603

SHA1
2896f7526f3980cfedf65c80a6e02ebd0329fc1c

SHA256
f5655a1e2c1b94c103fe23edbd37e713202cc618ef849f588e821a6597231838

SHA512
ed77bb04ea6da8c439d06b2924b13b0dd9a195234c556c023f3b119722925dfd53aa89f2bf772202e45a6f1b828d61c4d423a879b3b999af6dfbb29de39e29d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e77a11ce5929028e74a3ac9721207b51

SHA1
2fdbf2960d79d04216333a2beb1cfe0176da5962

SHA256
b246187f04fdfd0e119b1947921e631bfd726ad41a980340f22940adf853b1e6

SHA512
782f293f8e9b288ed60c4f7f514aa3dc9568bd6c14e097f777c10cc1d341ee8fba8853d2b1ef528b03c0029cc99d83ce483630d29efb9a2807f2f80d69da1714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
717c5fc7f0651797b0ba3cf05f3bd3b8

SHA1
b32a675511aa19783d3c66b18a94139b4bb9bb3b

SHA256
2f68a7fabb9111b6169fb4363e8e80aab4570e450b9d0737c0d52a03207e3572

SHA512
291aee587dc4df83bae386190ad39f3562bfebdca0935b0561f716c4de558b8ef7e515a55e5e1707d0d9c4994764ffad769fadde9e3319e3abb2f625e640a7c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2d1166271076758c3bc637e4f4772d91

SHA1
4d907c0622dc202c7156c34740c907117c45c99b

SHA256
1dfdf232480f3db9138f6aebdfe85a4f50e06f9827a7125330c765356f059c53

SHA512
d1ad4721d95407c5784fbf5f3802c6db8c0513fce326eb08cc769c0a8e8bda567467326d26364d708b631fe2450d17dc20607990772c625a9a6e56d523844a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a8d9738ebdf35c4d446ae219fb22d26f

SHA1
c6422dedc4b415ad482fd6f92918f2444fdab8ba

SHA256
7ef92d868ced3aaf39a703fa4c3bcb55ac663af2e2f9fe34243dc2a597443272

SHA512
9a4246da17b55a7aec7cd0c318857c82740ed79e4606f30203dcb7594e8f6f18436fcf0d7b455fc7f1dc33a34916afc8444f460c891fc1ae6181a6510cf035a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
c092a1cec866b4a57917d9ba39fb33b3

SHA1
c6119e95f45e523d38b3077d78eb8441e393e946

SHA256
772e96998279c96ca17bec2a8a1d0a18e71e43755d6dcddf4d92f2071c59772b

SHA512
507031765bd9657cdb16ee0eef47362dd92e6fc30e97e99851c96d4e02e5e59f3c6f3249241f5fa0334216b82b76700a2b447e019f06bbbf1ce48062210848cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
b529992657147bf8cbf05e4af0cb8110

SHA1
70dc4fb8e4a1b81dc9a80d1fe098d69a48a05e9f

SHA256
8cbd09d4863a9c0c9c848a147a50507c8157756bc6be28096301ee520dfc5114

SHA512
9d6c3824688a3d4468e18036f3d347bce2b122fcb255cfb9dfb10a51ca9c5f4d4b01745f015e353828cdd256e316c7a6d655816ad274bdabf4c9c54dd5ce50ac

Download Submit
\??\pipe\crashpad_1552_QDIGUYTMUHCOWRBB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit