hxxps://wicovers[.]neocities[.]org

Resubmissions

01/04/2023, 08:31

230401-keytjsgh86 4

01/04/2023, 08:27

230401-kcxtgagh78 1

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
01/04/2023, 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wicovers.neocities.org

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248185274065016"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{FD29BACC-A44D-49EE-BE62-821872546AB6}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2728	chrome.exe
2728	chrome.exe
3384	chrome.exe
3384	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: 33	4636	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4636	AUDIODG.EXE
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe
Token: SeShutdownPrivilege	2728	chrome.exe
Token: SeCreatePagefilePrivilege	2728	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe
2728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 4876	2728	chrome.exe	84
PID 2728 wrote to memory of 4876	2728	chrome.exe	84
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2904	2728	chrome.exe	85
PID 2728 wrote to memory of 2708	2728	chrome.exe	86
PID 2728 wrote to memory of 2708	2728	chrome.exe	86
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87
PID 2728 wrote to memory of 3964	2728	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://wicovers.neocities.org
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff5dd9758,0x7ffff5dd9768,0x7ffff5dd9778
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5608 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1824,i,13496437643068112634,7011348296527014009,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3384

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2200

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b4 0x248
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4636

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
35KB

MD5
fbf149f3cc52c0e994c22360da1fdc3c

SHA1
71c4a5d6a47d01dcb40c659951b5ce38faf1fef0

SHA256
53e46cc83cf44a5dce1b018be9011952eb7714f2949757cfa2e3efde44112dd0

SHA512
9046410e4bc370c68e98c5c00875469bf667cec7bfb14046df5a8547be292153d3621da4f1bc4ed583b044f739a3e56dd9f0fc70bd79196568aca2949501d1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
b9c0d14e732cfd2c0af9aa99dbeb0be3

SHA1
83d40d9745b464d50c58a13526000c96dabd9664

SHA256
dcdd6e0d210b7960b9f20ab77428c590473954cd9cb2da0203ac7452080cd1e3

SHA512
6c25ec4bfaae81539304cf847573324d6aef06a3ed53a9dd9d01e04b52e524270a697a58214633ff3d260b85cf54907f847687007034febaed383f03a46ca206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
429d523ad004a1b22f35c40fe52bab6f

SHA1
5a9851ebabd73fbccaed3861c487e694a06084aa

SHA256
e2e8706d8de17efd39067afabca331bed7345cfe9dbef129f567d987b6c13a8d

SHA512
de2ed80d437f3de55723846ea41f1a59d487186b52c8dc7f86043c22acf8ad22e8674cd6c3c3b7d119010f9f7d39cb0300317183b0bc9c11e092f27db35bf296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
04f9bec1bfecb8c2449678558f71f773

SHA1
c1e9b83061eed77024c3ab333b18ad3d47fe50c0

SHA256
5357fba3a87e45f22e8d16fc6d0fc26749f29f320fc6f6b13b1185cf4f84104a

SHA512
1c84ba66d6808e92aba4390fa19ee2814d14d2ed46b2305b8e97144f075406e45718ec4663321e372b7940defa85d2dd9cce116a5dc35f85085d1c92094bb014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4cd7414dd846217eecbeb07477cfdc34

SHA1
59c8ae8b6c7dbb417cb2a9d5ccfec833b0e1b007

SHA256
f96342981d89eb4d459d168decb59359c78d09b13875e36e324120c07b34b8be

SHA512
c9fb099a345cfba2774178ed702b9fd974f056b2c12dae07e5a461585a7ba2ed6af7ac7b34f2fdd9633b377e6f3e3934f4dbafd9fe302cd1818e195feedf10a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4e9dbabaff01d8f716f4e68bba7ff8f6

SHA1
099da896673933678e69c4db4fe7df96b8fe6c32

SHA256
e7c069a2a6c12cd31e963ed467a9236c3b555f3d42c203c4f778144cc606cc41

SHA512
51eb122965eca6acf251f20cd53ff4957e8051e74ec142a59d8273e1122488fa50a7bcade712855205c2aeb19373b7be1ce95e95290ab1d6c9a586efd24d732c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
a99f8c1bfb2a4dc815543ba53882481c

SHA1
e28b73985d5876189ffc49636e2188f8c9885387

SHA256
2011dc4b3db47ce60e99034f22f41b990afe884a7c3984db4440548873eb5779

SHA512
855276a27c0d2487ec6ee9a8a1ec2b1b2dcdbe7539a0882e9b0e136363d16a0378a5b9e7e118b9bb3901f805f281d624916d30733a33a8f53daae2ac8931b0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
efa0c7f7c395e1dcdf600a7662f64010

SHA1
7b27515ae93018a67a31a80df59aa6692ffdcf70

SHA256
72c411b7260aaab7ef8c8104db6c8b6566f9e917a9653d8519b1245577ec5efb

SHA512
4f4c34c8859e9a2d65b0f8c80055b9ff17bfabac6ee43a5012c25d06ac6a2c85414ccd24e7520e7b98fbcd9d2a48d88bcbad28aaed38ef15a77d6bc75c2f74a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
07961430bf23f3762b38ac187e2bc207

SHA1
896eb74425e30559963946b97912c3e80bea4a28

SHA256
b7dc8e690ca18d5a49ecd72265d545c2c2968f24bcddbdef3c151564582ec23a

SHA512
90c466e92d8afa462e4eeb7408b5f918f0eabcc568341c2f388651ea5564c1f2589d0d178a6b1b0f4a270092be870ab18fabf9daceee766c3ddbccc3b870dd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4c3960413caef26335e653ea5429c9f4

SHA1
9033e701f8d6c51c85c1941cded9fe60d023f607

SHA256
b403e1a0bf8a265abac373d0cb3beacc7184ef26a36bc2f1205c7facd98e1068

SHA512
fc770be04080e50d4b3c6462d5683743743052ad631dd8e3475a69659df96d59acf7666011961b2b151e502bc341e0216ecd4422e1ce6c73743df31a928804f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
74B

MD5
73a465dadf426a1816e6124332dbbe2a

SHA1
9016ee293d948b12d364e9eeccf7eec06a1aa032

SHA256
60ebfbe19e0b00485e81b7fa15d8988ac37bc2cdfd734311d3ee4b24f562a8bd

SHA512
e55d2a34a093562bf8cf9d051dcb7b1bdf459a86cdfde578ece91f76ec18f7fd1007db5c93dcd9864fb97dd7d5d7581ec6bbfb0d0e867e04290bf434935725f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe56acdf.TMP

Filesize
138B

MD5
c9bc3d27012d5ee3acdf04dcea41b2bf

SHA1
fa4dc9453036d5afafadac514978ebfb5b0ac226

SHA256
2085ad41d8149bbefc7df5005a44482211696c05de4803cba0783216925857e4

SHA512
9f8809813600d7205b42efe768351339fa07a17185b3b118b5174383406ad789e10b55a551f6086b7e0a3257b8b6b580f12c95ba45b8ab2430ece5ee5a03754d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
b73b572a4d3b1378eea9da34f1e3f6f5

SHA1
4f4e46331fbc12fbbebbc1a9f9b422937396b857

SHA256
477966f1dc38bd4c71d32f46ea22f2fd6757cf2f4d0ed4b48c5c06e85d690626

SHA512
ff0bc68a6b57abf16797fb433726ef2c056baa5ba72f913be1e169c6f523cb11d21148006bb4d821fda0bc87d64d45f5802c8d80ec11b435e241f58c4ff6a794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit