hxxps://github[.]com/settings/copilot?editor=copilot_1[.]78[.]9758

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2023 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/settings/copilot?editor=copilot_1.78.9758

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244144125903380"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1860	chrome.exe
1860	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe
Token: SeShutdownPrivilege	1860	chrome.exe
Token: SeCreatePagefilePrivilege	1860	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe
1860	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 1868	1860	chrome.exe	85
PID 1860 wrote to memory of 1868	1860	chrome.exe	85
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 2220	1860	chrome.exe	86
PID 1860 wrote to memory of 3220	1860	chrome.exe	87
PID 1860 wrote to memory of 3220	1860	chrome.exe	87
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88
PID 1860 wrote to memory of 4692	1860	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/settings/copilot?editor=copilot_1.78.9758
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3a4b9758,0x7ffb3a4b9768,0x7ffb3a4b9778
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4880 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5180 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=916 --field-trial-handle=1780,i,9206010318187007813,11146562415944240326,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
4f584941643227707fda008dec37c6c1

SHA1
10cf8b1d3f7ba0483f80a8acc0d0dcef93123fa2

SHA256
4b799fd2818bf5342bfe0866f444973ecfbb9e3fef5c74bb5100d5d05610d0a6

SHA512
c8bdddad550f86444e676aeb50b0db80872a0cb36631b90ddb771258b15ac9b4aea0c42026d5d3c90d4394f8c088c9c086b40be80b49ff2228c576ef7bbeda57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
44KB

MD5
4fbbf22f7c282962ddf375053c5cc23e

SHA1
940ff57a8da4b32e8383236dd49b0298a3226b37

SHA256
f8e68bb37b25f8e41bfa51d72050ae6f4a9ebb9664da7f150fa1ba81c94d8c4b

SHA512
f6603de2b7796268ae334d47fcad63cbb10e9528c4e41d9522a8a9129ec72838f58efe21808aa09dead2a949d34edd98423dc86b6e975f1b8d4a59277ac7b7f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7a926002237b846c9bc59b69086353fc

SHA1
4097607589361f7139cc86521a84f5cc785d1a9a

SHA256
1bbf9505d31f66e379b68631cc2a77dd17bf5112ec1c6b98c7b1862c812e9a16

SHA512
d083c527d49723a26c86e0e08c4a6f4ee6f6684dddc371cec1a5db41dc86812c52a5a7297ba8e90d2cf3dc08172e23e4234da61105a8c129cbb356cca7380661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
362d8e8021885f748a77da630dc4118a

SHA1
ccff0ba1fb86e0b97fe3a0aba32856070ba993fd

SHA256
d55a18fe7cc700a5a06dfe196ea3aef914a99140a505f6561e9b1435bbf11788

SHA512
1067d6431015a9cf41e3864d71cf9d7227fd4b38c97915ad4bdc75776f52363469adca988c6809dee895c2af489c081caca315145b0210760c84ac4a0c815f7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f4cb3672ded6d7cb268b98ba5f9e26fb

SHA1
dc3729705dfcdc2893b661926138a9cc139fd6e1

SHA256
96ff26aefdfc1720b8ef8b9c466dd7029cdc7618fa90153e65052d166d96abb0

SHA512
d26ebba46732b895928a1c0754e875f60375189f2c6f97d27f57ddc9673e9b514376c3d072f41a1e2250cec11bd34232bed13846f4cb7faac29592c61a5ec545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7543591ecd65c92a9029641c4368b3bc

SHA1
8eac17683e02c2e29ee8ecd67367160a146b5e1d

SHA256
2a6701f4f635d69bddeae09006e6d79c9bc822528a3aceaad4457ea95ee6f0ab

SHA512
5ade3f7ba7b9b6769ffd98027b8a92844011fc2a81a28b7638b46580865c9856c2e5a9e2ce88f92b945dfb5ce02f831cbe0a5fcf9296e7320647b125639b9066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa0f78f096534c218aae0beaf2afd619

SHA1
d94c104fa448a95ed73bbe23ff5e3556aee339ee

SHA256
615ac89aef1068c93c598f21afd95b1749a51f0d1b0915591de7f153bc04dbd9

SHA512
9b77f2f3d760c50171e7805f023c839bcce3221f01cf9fe6e454ee356bec085bbc063051c8cb3e6e0cd3020fb7ed188fd813c2ccdc13561bdcd244306191c103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb84929f4f46b0b15c2c2749c58e612b

SHA1
d1f85cc46255930d7abd3c43994cc3456ea69089

SHA256
d1cdd8611112a99119f8a78f35391d24cc898607bc9874af0216adbcf39923d2

SHA512
eb5c2a9ed9ce7e7db7b5ad325415c5917185bd0739360e954bbd6857b653f7ef1dbf97a15fc29bea252a2c198b4d2022f4bf56e1e694c3294c22eaa33bc7f053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c84ff6da0b215681b71da77cf2940c0

SHA1
d58bdac7ab67896a5e115c5a764316eac49e4231

SHA256
25fc7575a19ed9b74e59da1359aa111df2e0acc73057175c5db3a50ac7afed1d

SHA512
86ab37e29f59e0bf41d692dd77948b34dbe9441a95cafa143b1d95563fe583f9020a271924e1b40f286ab5d100046497bfc24ebb2e0af46c7aa4276eb304f899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58575a6d0b58a55e8ea9f7e276b78f82

SHA1
8b4b006239702e4397f6951b22e6ec9c8219164f

SHA256
68623d7504a1d1321c5ff64be05f544dd26c00772e4e92f53d2f04aa21683e4b

SHA512
800b081c7dd2b98c522d9d1d4c0572885a33dd00c49430df19e3312844a19f9b53fff1cf08d385801a2b79a26b062315d71c6627368fbf4faa9fe0babf13ddd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bd892de842d480319d91e068df3ff281

SHA1
f8547e7c8de5abfa737d5c8a06521b2ea66dd015

SHA256
71abdc073de4d2341721397d035b0dc6bbef57f63293b634894deb4bc4455a4e

SHA512
107a0f716861346e61e8ab5b24d0d4991ccdd9b187611c39d3fa32bd69c73e087343aa8cdfef4fc6776b2ed255a87aa7e46d1355699a96c17373e0f187adb1b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
292adbf2df22a98c1569bd30c08259c9

SHA1
8075d22f11ec43832247f689ba2be45832316bb4

SHA256
072667d80158e36386377d0bddec61e411bcb1c978c4af0999fa279d6b2aab9c

SHA512
20af36e71a76fe5aa4921a70461af8bc46bbfedd981fb1009bb5606ece11aa760ab238b262094b6f9c94c39b9e663cc2eda1aa2d16d482e8b40a5d9e61abf79f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
06550e03758bf56fe9eeb1049c37069a

SHA1
320fc2bfbb42eab274017d7b4e2e5b091e088318

SHA256
f3e1c596579f67308652801181876b06305c2c36849019d1889b0e77f29b67f8

SHA512
bb9cac2a796b8ffd0f840c66a8a9618cc5150ab9d82a05978e743aa14b62808d21a096432438c111551b4ec9ec94af6ef2eff9bec873722c96ef9f6dc866960b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
68cf9006a37bd359e44fb2ac214f6516

SHA1
7e4fb7339a7c07ec1f48632f06b62500f38f1bcf

SHA256
b21998a4c63dde07d8073d818c835489e1de91bad6916fd3238359f3b06a5734

SHA512
1025fc579008b99ed125b36327f04fdbf1ebb23d7e96202922191f65aefec43c9f5cd4fb6421b845d2989b2fb26a9919aa3ebbe00f722bb258e70a5ebbd4ef51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
974406c83c9b5a1362e0dc1cd7d62f8a

SHA1
6a54aaa5089445337ddb36a1837e5f808adfaf95

SHA256
84fd02cf289bbb273a7541640a077572862f8c07b4e4d16a06cb03f28a0bcd4c

SHA512
31207ed293278ddb52cdc5e641a3f6e015a15b802fcb895f1f4017f8ffc3f2e90ef3ef0d1c12f17f7cfd7ba5d4cddec17ef5621b24dfec0bd17bcd209e64b66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
83aae028a79e799366f9c2974f49dfff

SHA1
8ba035e7839595e7782988a3b772925e7d58af9c

SHA256
f6d8e3f6d2c9e8f5f47b1a793e75520c1ce1362762bf50de35b25c8380734959

SHA512
70f9899ff7c7bb53e97dab753c4143b41027c87b4609b9cfb8ead398002144af2fbf7666d7943875c3c2fabfe82629576f3320b2ecfe60df7fb561b8832983ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5ece064026937a5980da4bed084ea75e

SHA1
4020a7b0993dbeb738a2ab0e3be40f51017fd6b3

SHA256
24243ee1ecb126db7f024b5b3ba279c1bce8b7a35f18cb3819f3d621a534b4da

SHA512
ab916369e7267393e05d8a481616cb3fa6d63fe52531ec8eddb4038786bb6eb8870d7fe32c595172bbf0e4c61d82f17fd19c0e0b433c63280aa3dd534a2e99ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fd01e157-2085-4e02-8dcb-34fac7950672.tmp

Filesize
6KB

MD5
ac726080392f2bd7abae66474b91e28a

SHA1
e6d6ab72dc4a0fa7c9f17d264840b4f1ac8da20d

SHA256
dba0e41c5ff96ff04c514e30ccf2718bb7fa720dcf14c919eea3713c2f1df4ef

SHA512
c093c6fb92c8593a1a5d34dd05a67adcee64e8a6a005dec279eb2c59f74d95bef9c4924df5976e7f42bfdc9f9b75f6e8e8c3004bd900f67b20f90f4bbd179dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
d7e3934eaeb8dcac3fce24b09940f865

SHA1
08f4f8e487dd80304c92ec335bf16d657c200fff

SHA256
cb9af64c9960775542f180bbd898aa6beb82f33ab12beb2dbae3c878b4e1a1b3

SHA512
660b18e96278277691b4a6d7c57e50be46f289ed2fdc57a5a33cbc5bd0f89982f6a4892e45dc4bf3281fde6c9c20a18486e331e2d2da4d59897be1181749675e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit