9dd1682f5e8414c278f9d99866fa955a814c136b7f13678a8187ca007731a942

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
11-08-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xwrom/FastColoredTextBox.dll
Size

333KB
MD5

b746707265772b362c0ba18d8d630061
SHA1

4b185e5f68c00bef441adb737d0955646d4e569a
SHA256

3701b19ccdac79b880b197756a972027e2ac609ebed36753bd989367ea4ef519
SHA512

fd67f6c55940509e8060da53693cb5fbac574eb1e79d5bd8f9bbd43edbd05f68d5f73994798a0eed676d3e583e1c6cde608b54c03604b3818520fa18ad19aec8
SSDEEP

6144:4FErOIif3RzSHh+20lXs1TzCeBcQeDbNlz7:eEeR52bmeh0n

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678120921688565"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1848 chrome.exe
1848 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

1848 chrome.exe
1848 chrome.exe
1848 chrome.exe
1848 chrome.exe
1848 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe
Token: SeShutdownPrivilege	1848	chrome.exe
Token: SeCreatePagefilePrivilege	1848	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe
1848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1848 wrote to memory of 3064	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3064	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3276	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3044	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 3044	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe
PID 1848 wrote to memory of 968	1848	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xwrom\FastColoredTextBox.dll,#1
1⤵
PID:1740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\SaveUnpublish.shtml
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7592cc40,0x7ffd7592cc4c,0x7ffd7592cc58
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1716,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1900,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4208,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4604,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3420,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4956,i,5814790178698287648,4797057301784415630,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:1376

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4816

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
66b8e5a7d35f40aa98bc47f7bfdf83a3

SHA1
d5b4229f7033798a547f4bd9c682d930fc9d910e

SHA256
7de8baf6d644e3ae567b3721e8c0ce6a667d29d30eebe1bf3118f56bfcaca59b

SHA512
511ec29db12c03952a65c23fddc1081356c8909f50036aa985310d62bc2e430e25b1463119991b31e90992ed31d9242a190d85793bcabe0acde63a4985484dfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5716f6618671043fcb8017e2cff6e946

SHA1
4c92ac24424502f8ca61b0132f883ec50d988884

SHA256
46b7c263067204e5724fa3aab5db3efb2656115e71314671864e0cb93db302f9

SHA512
4848fe20e78911014112ab5eeaeb516fe309057975490e8b9c49186358dbee3135a1a44d6f34b7d6d4fcbb5498ea57b4c589c8cb92c68db5847cdc32edf53447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2698f16f-db02-4021-8d30-f6784bb6826d.tmp

Filesize
356B

MD5
b3a135f09b19c996795d5021bdd27959

SHA1
cae889e1f0e9b67cc19443e64f7e3fb4de1ff3bd

SHA256
8d5e2ed542bb03b9d621b93df43fa04f4c470c98706b86625fd9a82d86c4dcde

SHA512
dd7fe6fbb3a94190de5f9e0ec045c7499414df5616c9c527e9e536109b3f72c6c34f2c714a4cab79f4f46b324e10aaad30972978f04b4c77d9919de78519dc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c9cfbc807d903e584048e574a7e3c772

SHA1
c589514fe7c2a604fad78c2ba162422f9f03e537

SHA256
c89595f2871fdd02beabdbcb66c8d921a10c9dc5d9c2cb10b39dd3c0e5207fc1

SHA512
be0ab95ed6b76ffb6ea27ee43724409c66b6323566c7dc4ad4255feb43084e54a795d2a918eed3cbdc9bdfbafe9df2d2741ecc015ade9f84884f88dd9f17dd02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f339ad28e50809d3da2850bc9de586a

SHA1
6fa576c65e0c4d4b737851c8e023ced345df6a0a

SHA256
67dce9fd2d19e42371c50ec71db763f97299a4cff3f9186251273fafb3f73dd0

SHA512
5d2ae3ae2dc10936bfc3f5b219fdfb83a6fc87e6589ad50f5a61b792f6038945f2d3fd2cd37a36b1c96673b3a1a6f4932282b5c2ad65530d4c68d2cac0ee509a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8963929ec8da6adbed15f8f867259f47

SHA1
51c907f7a5df6ed152b47d7fdfab7085e9d629af

SHA256
4478108865a4829bbff733eaf9649f0c27911ee801f576ff433566e60e51b347

SHA512
cc460252ee153a75ba2d81c0d43fb805be7763b8c3a5c0198c01c3c160142dbc3a1f8f83f71985639b698fdb18690c7c603fe275d6143b28d7400a642e5b133f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b490b2c6906c47311d9f1095618bb505

SHA1
0b6fbd8abb86db00753f61629d9e891106590aee

SHA256
9d259397a10029d1219a762f68cf26d0a0dcb3b1c9e2b044245bca5910319d36

SHA512
1bd67694414b0dcd833f850f3aa09c5f5c31d35b5ea7df4a9ee6bcb39dc60363947ae94ccdc3573c6136f761220a09d7721cacefaf2ee7a938fa53339a4acb42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f3db4880b5b8ea3c87b69f7a3935de2

SHA1
a417a99e1fd402919ccf3aacf3ec0d90a6e608bc

SHA256
e6779f39331a4d88e02ba0f754a1c25575adaec458d0ba2d33408d038dca27f3

SHA512
018eaf80a590fd47d2bdb0d269ac338fcf4ec827c715cb7e2d3f6e58e31b792003cc62f9edad7afe4c049d4ab9610d227242d6866209403daf6e8bda5107ed47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b93b30fcff2956795bf161c6f16e5f6

SHA1
74789dd420642d89fdc4bf20be56afb5945a1c63

SHA256
c7ed8a667b93ba77895d8a6ca82a3ba0e31161d244b5a9a5290b384c514d80dc

SHA512
bea7d49b576622b8c2e871c2dd4762e9e9746b559d19e4958fcdeefd8ab258f33f7fc72ce6310d3a69c291e8a6a545c2c2b7494f3416846ca200e8d87af41ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a35c4054c8c35c57da7db142c898214

SHA1
d4f8e794d0b242ffe3ea9ba689d619832654f2d2

SHA256
5deb3e1a59e624d5ee45ce83a9f96e3108b6dfc8636f7b32325a19eccce2f074

SHA512
203b54f7556d67f72a8a984650c4098d90787ceb5e325760a6c0b1ca62bd50668996b5b7db9b8d60add13bdcbc9d204373c79d83a33968f9750576d351182a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
50d2e8344df5015bdc61023347ab578a

SHA1
dfca065810bce1687e24b739a7ca92aaefb31f2e

SHA256
440ad3b078172ca96dff5350e1b1b10886d3c5778c89edd3c7d4da2a01b7ae67

SHA512
884aa13c3266ac215876419e08c666a1d507052ef769c9049227c0d9e6214e550924749e63332b03fb29aa13c69941a96ebad28d4cbfd6bdf4340a8c8a1750d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
7a026f46a588a1628c57b023491e4122

SHA1
50c1d1489299bff7263b8321971d36f43fb51912

SHA256
27768a8679637ace9a907df7f1a8717a85873cad5a41f010e1105df9d0402ecb

SHA512
24ae5860e934cd4f306f5877d33a50f55593578dcd40515e96075b954bae787973d00fdbb5a99f003a5c143fe6abffa3d0e7c9dab4fe6375a88fe5afeebad4fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\db27cfcc-f1c7-4e2f-b86e-dfe3d40c9d0a.tmp

Filesize
194KB

MD5
f1f24c9ced7e82c9409f675ce4610c47

SHA1
bf645f0d773209d40467150ca2caffc3855fd26e

SHA256
081fcd1178efbbf593713070a0d808925f94496d7d3d2467f6669fd510307f98

SHA512
d4f47e7bfefa738f5e7a30b7383a98cc61914c69eb660df9839f73f3d29cd59066ad3433ac2ded5b56e4fa09addb272c217fe335dba92313c77ab6aac1fcd3ec

Download Submit
\??\pipe\crashpad_1848_HHHYYVJLYZOZFHTV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit