hxxps://aka[.]ms/AAb9ysg

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aka.ms/AAb9ysg

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765886854989583"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3880 chrome.exe
3880 chrome.exe
4284 chrome.exe
4284 chrome.exe
4284 chrome.exe
4284 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3880 chrome.exe
3880 chrome.exe
3880 chrome.exe
3880 chrome.exe
3880 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3880 wrote to memory of 696	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 696	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2188	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2080	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 2080	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe
PID 3880 wrote to memory of 4672	3880	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://aka.ms/AAb9ysg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd715cc40,0x7ffcd715cc4c,0x7ffcd715cc58
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1996,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3152,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4848,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4988,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4828,i,18340737580987560631,4006451212624678517,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e8b28018a54952b71bb94dd2ab22dac0

SHA1
7859bd9cbb715edb3e74f15dca4c212caf544607

SHA256
a844945e37ffc90cef1704d05499287d44d78a580ae16465528eeec4bb2a4993

SHA512
152a15ad5c2527e88aa2b9e99593007682c8bac52a1de5f8fb36ec51fdc2b5962fb89f27126d95f734dec6a29945b5e66bc2433047e7675308176b49edd8b38f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
fca64c2b09688e59e57fbcae075d8b46

SHA1
4325b7b7de24a46e04ce6bcbdda91b9aec314dd8

SHA256
f61e5b21270bfc99410a78bfde908c164f9a9f1d5c0a9bd28ee278dbe92d7630

SHA512
962017c11d5e170ad137650caa78ea512a6783dad1806b7b39bae45080e4c965e62f082a72f2741f39da829f373c4ca129ce8f8a419f28822f1d802cb345a705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
dfcb092eaaacd2b6d74b88bb75d51277

SHA1
a726815978198ec0c212ce305b0d585b7813ce8f

SHA256
7becc3ceb4ddd80500aacce2a5e39424a6f1b4c9db3b4b739c6335ec0d04a4c4

SHA512
a8e91113744a7d51247120db5dfba8f11e5aa86166d014ed0409421a740fc087c1cb68ad50d92e44a4c65d0e9d25e287a0536510aa598883e3a24691e159b56c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dccc2ced8f5302ab8d52c3bf32ce2470

SHA1
517f1b5a3c7118c5eea063137cab4e148bace7f4

SHA256
0043238b3c000f2b18a167a0294b32773c976fc13fd02191c6f26a7e46e4f48f

SHA512
639bd9e8526915b0326aeca8ff89c5182811d7294a40682c1e9ab9abd16d9e7c53e6e917f453b911fb87e2893a1ac80cc944a3f2f1bd2d55af266c3cc9af3206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
25e72275a24b8999c1d7eb188778de85

SHA1
e5981fdc33349254af0838e6c3799083591143b4

SHA256
a911cb3d04217d9a4b6dd960e82293b48bf75e788bfff8e2c52c1c4bf3257619

SHA512
5fc27e4903a16d29d0ee0a6c77a30de7d2a2c5d818cc38edd6b5bd391f35bc62c5280f0dab3edc5e75c5f1c26045ca8c2b0cefef5f7962ad0fc49c3d7b1e6690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7e15df90925961b17d82cf46a8eec326

SHA1
47e7a00fe773fe9277b8b2ac6b7e51930aa7840b

SHA256
a05efb22b34800751632d7f1124e01320d46cdc1f757c5e58c119dc05b3a185d

SHA512
9a067ab1365ae57f6ad5a797588b852ec82704c54828f24e2b7de03932f9f1c317d16ed10c8a0168a39db1647ae65e8a577ca6b4d1d24de86995c1d3c65bf768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
26fa97f1ac6535a39401ac336d2fc1d6

SHA1
caa2ada6ac6fe937e47ab264a8bf947881c76b08

SHA256
ed16f8ebaf26be522a05407132fb0a3756fb34c08c8f5738da289c1944277488

SHA512
5442d1d202ffc797e5653636c2783c41d9cfdaf92e23faccc3ba4fa4a9f1a3a2273b3c3c6d3ce0ce423d63ef688019aedac6c7174d5d5b0bd9b102cdb31c0e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44a9f484473de7b7015f040208286286

SHA1
f3710a38c34cbc89d8a34c1320772f3783651f6a

SHA256
eda82bc241348673641d3ea6c047062583c53cb687ec3e29b50ba91248fda454

SHA512
d3d5374bc913cdca5d28a4acb84106ac70324b74118354b0395bdfa840fcc2b80fb21f9542c0ecc472ee3e0c10b0304287943ce9632f2f92ea967c273b217f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d7778a0e61c87615228592fa8511fd5e

SHA1
2aa91158096c475e332de7b5c9c799f85eee39ae

SHA256
1e7aa93fff442051cfd717dd248c54c8e58081e7b85ae0d269f85c3f4a05e9d9

SHA512
4beb760f0b866fb4c224b45e8d35317ea138f1ea76196dc15f785f394490ebf535a6a69bcd82c8e050668427a111d8ab709dd63202beff9d5332240a339f49d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48424d050508c23b610cb1dd33a69ebf

SHA1
d51cdc05db778a737f9b3be01dd4fa0a67de7a9c

SHA256
6bb4e112180c6dbae3db535a35b51553db5cf4e22bf7fa80b9129b3092e7aade

SHA512
7505e34c352839cb4ddac448df47437c2f9ec284fb8f7b16a3760b0deec9c58adab92ca54ab1900c7715ac53d061d06d424ed90c1426784fdd9aa9b5e3f1d7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35643ac4de14f3a349022526ff353c20

SHA1
2ab225892de5432814c6fa1383d6763badc2531f

SHA256
48708853a1a04734309f1ddb4f597cddbd79f184000935daf51edccc8e4a9698

SHA512
106c2d6637e9173a819266c4f44ba87b557b304569e6be1e14bbd0496db5465936c0cc42860639069890b2cec7bba321057a74064b14e7e0c18a631e4a1467eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31b7b73608eca10293bee538b36fd8e3

SHA1
8e0f881b6c08c024159b658eb7a9392471e7a392

SHA256
133014b5a695a4f22da64d9c34662427fbd171ff314603455e7167b15349a1c0

SHA512
bc07464df5d989500f620e4566c5cee03043b6ae8fb73774bac99f1f95b9c2539b1945efa4dff5c3607b99d01ca8217907240fd9c853c5f0d8e8ef1ccd93ee31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1a31e5bafd9a5521630b27ec163d9801

SHA1
2032c8dd040f888bc9b74bae13a88c4a3ee3915f

SHA256
2af07f46a7748458df03251b3bd081d1d70fc2ffc12be1c982ba239afc8a9675

SHA512
8683c6279b6b4182234a08278a132ede53ca67ea35263de6c9d6583613cc35d1e023e8874c7fc482ae3736fd86b8cf8f63fd3e4107319feda9c43156dcdd84a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3514295a0b2523afbb42aa39b8b7cb91

SHA1
2d4817fc16708da2373107e320503c4f74b53ab3

SHA256
dce829017a93e7dc6a27084cccc5c58856a9a2a59fd76235ebbc0bc92cacae25

SHA512
3b90dc13c9ad79543bab9d5d20a33c8ee06cc48f99a7b5e05ac3199d15cbb51b8cb96b728d6e78783528c524ff53096984f43ac60985d0089dd22609bac11317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8d5965baff4ea640f24a09af693a2373

SHA1
af2512839a0850d98cbbfd2c8d0ac9dcd5e7fc76

SHA256
410a0d555d408d529cf88c79610de40336c768a4e797f49f96f56d618c9341ae

SHA512
32f8ff236c52629ae5c74b4846333f7bec110bb17095c34cbbf4dac337023134afa949d91ba0a4d240d49919f97d4f8614b76594063e3f29158e8e72452f2ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
6444082cc301334c976aa6d748c03f7f

SHA1
cd32de8fd0a670477eeb583c4912609f40396682

SHA256
68c46d28245fde1a92eef38bb86342294a6aa9848f0446c5498091f82398715d

SHA512
ea35ddca20302700958f64c06899f12a42fed079a3a0e3b348ca03cbd9bcdb0293e5ad3795fffcdacdffe7b9b3bf334dc03d0da4b177749e68b7027a97da1135

Download Submit
\??\pipe\crashpad_3880_ISWLKGJZDCHAFLEB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit