9cc78ae48bbe21fb18e68ab90792e087ee3525e637a8c4f1f712294f61ad73c6

Analysis

max time kernel
41s
max time network
34s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-10-2024 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VVCcGr8Xhl8rW1W41vq6C3dYCV3Z50p5hZV9BN80642Y5kBVqW6N1X8z6lZ3psW8Pct067VYKg_W1kdhG23Ql8VqW4yvhr193D-m.html
Size

8KB
MD5

655767ccbbc6fb7fc0844a4ce1df5091
SHA1

d9a0c2bfb337d749948e8c7af8a747c39bafab1f
SHA256

9cc78ae48bbe21fb18e68ab90792e087ee3525e637a8c4f1f712294f61ad73c6
SHA512

99f141fbf1373b102670a64ae28daa0cc2b86377f5b9206315aed23b022caafcba447eb56784b7b5fd1c981690d88ed4e1a374a63f71835ec0b42c6635fb2e0d
SSDEEP

192:xF+Jt8qhTwQsPApQWil7YNhiBJQ2qnQzVSz5ny3pXkf9NZT2q9qL/bbKpF9w8wep:cziVjFXgNfpDwxeEW

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133736464023940659"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BPA Inclusive Workplace Award 2024 Guidance and Application Form.docx:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3020	WINWORD.EXE
3020	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe
Token: SeShutdownPrivilege	1036	chrome.exe
Token: SeCreatePagefilePrivilege	1036	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3020	WINWORD.EXE
3020	WINWORD.EXE
3020	WINWORD.EXE
3020	WINWORD.EXE
3020	WINWORD.EXE
3020	WINWORD.EXE
3020	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 1128	1036	chrome.exe	78
PID 1036 wrote to memory of 1128	1036	chrome.exe	78
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 3868	1036	chrome.exe	79
PID 1036 wrote to memory of 2912	1036	chrome.exe	80
PID 1036 wrote to memory of 2912	1036	chrome.exe	80
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81
PID 1036 wrote to memory of 4888	1036	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\VVCcGr8Xhl8rW1W41vq6C3dYCV3Z50p5hZV9BN80642Y5kBVqW6N1X8z6lZ3psW8Pct067VYKg_W1kdhG23Ql8VqW4yvhr193D-m.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a130cc40,0x7ff8a130cc4c,0x7ff8a130cc58
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,4061075701596537205,3419397023871146588,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,4061075701596537205,3419397023871146588,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,4061075701596537205,3419397023871146588,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,4061075701596537205,3419397023871146588,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,4061075701596537205,3419397023871146588,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4392,i,4061075701596537205,3419397023871146588,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3184,i,4061075701596537205,3419397023871146588,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,4061075701596537205,3419397023871146588,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\BPA Inclusive Workplace Award 2024 Guidance and Application Form.docx" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
059375a50b0d7951f3ca37e4af7dd9ce

SHA1
de40476a3dfcbce84f40be1a0ac1213ffae29c6f

SHA256
aeec13d15a810ecd1e4afa4870bac1acf47650be825c11e670cf8c95a11458a4

SHA512
a931b924470f5ed2524c77a608854d45195778b3eb29f0186979da0202af2dd63ea99b55f55dd8309385a7c63d08804f77384ff2bdd4d2e4857528d48f108c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b62ae1ecf852a658c7b91a3f74808a64

SHA1
4c14a8315493a664d3504c1c86587b2f04fb5c8b

SHA256
46033b35d207bdc0a4dce56d9b6533b51e90ad8f298c0ec891994d257a598a5e

SHA512
131d7c2a532ef4894bb311cbb0cac00006065daacd9eb10918f5c46be7a2100e26e841a1a639d8e40a98669a3f34cd96fb45b444b7e028648f6ad8fb9c3c39e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b194354804d92f34ec4962ce6fd1caa

SHA1
ec2af2eecc669dc6b4f679f0b4f3a53dccaa75e9

SHA256
ae2fa69d98c2670cb2a1873ce6485d0385bb5af109a5707494999fbb9a7c87eb

SHA512
46522be989d51b0a2e64879050072d031134861adb80ed1a71bbd128e67b53e4f1c01f72c5d5b4e37b6bf26a35053f8908c74e8181b9b13c69709cbb9fe2d00e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cfb2c84be7c983859d2d8837d52e6620

SHA1
f0404db9d3eb1028091d8fff576d08b9ab7731ff

SHA256
a22fda24f1864573bda5998471aaeb99794533d3d5f1f2d7779dca61086f39b4

SHA512
d471b5ad52c1cadc81e4619a257912aba1e6215a78018afd4869c55d9ba88c02a8d3d704f398051cb518d1ee9ec9de2abb518076789d708d7f70766b224739e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e4eb084d1162603c36dbf0e44870534b

SHA1
8cf104b98ce1fa109770cc074750b11c87b526c6

SHA256
4520a0666351265d09d16e856b8b87faf961a315609617638edeea7ff483ac1a

SHA512
1d30431729a8d79edb9762146ed9ff7e91e53346107f9bc9a5efa1acab6f74253a2321d45706e300a3ac7a1a6f19725788c7c42360155e5528c92d7aa735cbea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
b91158d01d69f6a20b8f92831c63f62f

SHA1
69c30ca67c7ddd72ad1c8f7a7d7e17f6249bad9c

SHA256
33c7d13d5a33b3054c192fe59b22f94f044676ed257399a8ed40f5d2e0d5f2ef

SHA512
5902ce9509493db8495ff7b73f1d2c9db99ec4a4157d3e02503908503f1703ffa19802b76433d606bf5671ed1e934c24729e38d0fdfa72b3663278db4e7b56ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDF85.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
418B

MD5
e23d531e9d4245a0cf8dfd9595beb7c0

SHA1
b4d021f4e4f6740abd79c3933565ee5136035c60

SHA256
57762c0016c697485d3bab74f0470fdb515e0e27b59c852992b9b5694e6cdedd

SHA512
bad62ef101e06c8b35b3e9f615674ee5638892994673faf3ffaccc0b5d3c756714e87ad87fe6c5cc52a3e3169aaccb527d1fe6a01bfb9955108776f5596284b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0809.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
7fd40938dce15efe13ecb2c791cb3ccc

SHA1
cca4072c0b0522f0e9b9be0d378eb5f09e3acd68

SHA256
f05a7d12cb54f0290f61cfcb1b2ec7aec4fae5b722beda6eb76a510ff1474523

SHA512
c2f203abff29483734afee1b96ed25e2bc354917e59c5e4a721cf7badfc057f5425e9576edaccc18ba146d4ee05b257fd5bd06897517bbde621c16cebeef26b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
83f19f3bb5a25624ac925f37682fe43b

SHA1
6312b92d131e2771a0e48dfa3ba346814f727153

SHA256
bc8a6e6ed4196d4b87ff63648ae8af24578633e23ab28a3365d5233f5ce29948

SHA512
bb77cd35d0e1cf2ca86b195dff29387478854449ce6caf2749cd618328f06af0dfb0fce40ceda1bfde0fd02b480a5f9b16bc3e5cba30f1e7307afe21cd33e040

Download Submit
C:\Users\Admin\Downloads\BPA Inclusive Workplace Award 2024 Guidance and Application Form.docx.crdownload

Filesize
65KB

MD5
06c82a067b4b1027f0f424ad92d6c000

SHA1
e378f00ddfe6df14b2b72a11a7116f14c5e3b2b6

SHA256
e030153e3294c1ee6cc6c35f908dcbc1043c2a70df488fdb90ffb94ab42947c6

SHA512
5dffd45b6773d88bf3ca98c05ae6dd7a79c87cef09a42e0b91931a26cb0fe3bf69d4f7d6c49c1eadca95a05a62f5c15b6ef0d4f40edb2f2797044969feec1e45

Download Submit
C:\Users\Admin\Downloads\BPA Inclusive Workplace Award 2024 Guidance and Application Form.docx:Zone.Identifier

Filesize
549B

MD5
89568bf357e8e797d4bcfcd484017b7c

SHA1
cd7eda1e86c0159d39430db2839407f93a20dd35

SHA256
c3e2263834b35b3dad6096a250ccf59af5f98636f396d084493f2cdfd8e60b9d

SHA512
473ba82f2f214db79ac17b6aa34db3ab8c1db40c0e8eb5aef1f2da69a93e981d648b022e2d52d4800806b489f274d42ae1e25f110b02c357abd719659ecf064f

Download Submit
memory/3020-44-0x00007FF86FE90000-0x00007FF86FEA0000-memory.dmp

Filesize
64KB

Download
memory/3020-48-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-52-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-51-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-47-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-50-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-58-0x00007FF86D2F0000-0x00007FF86D300000-memory.dmp

Filesize
64KB

Download
memory/3020-57-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-56-0x00007FF86D2F0000-0x00007FF86D300000-memory.dmp

Filesize
64KB

Download
memory/3020-54-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-53-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-55-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-49-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-108-0x00007FF8AFEA3000-0x00007FF8AFEA4000-memory.dmp

Filesize
4KB

Download
memory/3020-109-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-110-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-114-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-46-0x00007FF86FE90000-0x00007FF86FEA0000-memory.dmp

Filesize
64KB

Download
memory/3020-45-0x00007FF8AFE00000-0x00007FF8B0009000-memory.dmp

Filesize
2.0MB

Download
memory/3020-42-0x00007FF86FE90000-0x00007FF86FEA0000-memory.dmp

Filesize
64KB

Download
memory/3020-43-0x00007FF86FE90000-0x00007FF86FEA0000-memory.dmp

Filesize
64KB

Download
memory/3020-41-0x00007FF86FE90000-0x00007FF86FEA0000-memory.dmp

Filesize
64KB

Download
memory/3020-40-0x00007FF8AFEA3000-0x00007FF8AFEA4000-memory.dmp

Filesize
4KB

Download