hxxp://duckproxy[.]com/indexa[.]php?q=aHR0cDovL3d3dy5teXNoYXJlZC5ydS9zbGlkZS81Mjk5OTgv

Resubmissions

11/04/2023, 07:07

230411-hx28ksba89 1

11/04/2023, 07:07

230411-hxlwlaba86 1

11/04/2023, 06:33

230411-hbf38aah73 1

Analysis

max time kernel
300s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2023, 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://duckproxy.com/indexa.php?q=aHR0cDovL3d3dy5teXNoYXJlZC5ydS9zbGlkZS81Mjk5OTgv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133256756356512120"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
496	chrome.exe
496	chrome.exe
1972	chrome.exe
1972	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 496 wrote to memory of 1636	496	chrome.exe	86
PID 496 wrote to memory of 1636	496	chrome.exe	86
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 3728	496	chrome.exe	87
PID 496 wrote to memory of 1852	496	chrome.exe	88
PID 496 wrote to memory of 1852	496	chrome.exe	88
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89
PID 496 wrote to memory of 2400	496	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://duckproxy.com/indexa.php?q=aHR0cDovL3d3dy5teXNoYXJlZC5ydS9zbGlkZS81Mjk5OTgv
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7fff30df9758,0x7fff30df9768,0x7fff30df9778
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:2
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4772 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5000 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5012 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4996 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5076 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5056 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5580 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 --field-trial-handle=1820,i,4692294274419289607,5285167793699228082,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
37c9ddca652ce4a9657de43841ab0ecc

SHA1
d6646ec19c6f2deadea1ac5e6b9338d6134fd4a0

SHA256
d936c193a83edead12a277b40373dcccb03d5cca130b7781a8954551e2af66f5

SHA512
56510a9d741b6d231ef30654bf551f9dda0dcb499783d299713a2bc2821d48572da15f39d7108dc948322efd8d0e35a3c0431c113ffd0b95840f39f4a7cb60a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a665a961cf3fb63a4f4ac221ce621036

SHA1
034fc672500bd30af47e6b4bffeb07addfd99e2e

SHA256
b93e63ebd6bcb6c24b6a5ddfb5ceb82f109cd0f4c455372db1c304423f45caa2

SHA512
248355acb75b8159a5efdcaf408560365e49660a72d5f99a8c1b5cdc4454edba0919849fa45a6e080df35aa3766edd0594bd97b11b909674fce052d5b2f67462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e28b9e57960856b9a7738945e0f61074

SHA1
20323bb3ee50968f763a77e5524999dba3ef0005

SHA256
89ba5a5353125779f323f82c7428a9ebc2d361eee3821ee7acc6aa52cd0c666c

SHA512
ff93a179d8654e88d102b6e1d66f5345c6c08af8059967082e4f46914dd162d3e89f78687e879b63e6ab1ef4dfb64372358b47fd1a7f2c20917740a93d31f83b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
e2ba2e7c87907d90c38cee4f76a8fbfa

SHA1
2a573b019002082efc0f48f6ade2b9782b1e4bef

SHA256
807ede143fc6076a530aa4d9106678a077412471e8d99244b93ae10b6b767fb3

SHA512
577612a6f9e685e30734348c6f30dfb1c51ee098a62d04f29cf78a1c79d6fd2252733e255f2959f1a1fdc796e638ba0e50822381407f8101d3a79f625954e572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
2271cbf17b8c1b2782d811685c9508a8

SHA1
27bb68c853c605c1f6f7a52dac56ed36a9d8125e

SHA256
823b6cace8080c4dae83b2dc240e90cc53764a3a221eb1e18794212d9ca3e9a1

SHA512
5e021349aefb623614ddaf27cfc8d68ed4c7dc783c7104c8b8fd3fd327355c534b22b2045a944b98b9fc7ce1e0a3e2d5d89df5fb515595550faf756013740197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
83c53d6adf0a38869819110259a99b04

SHA1
6318041068136fb0a8b59b55d30a50d3e8d995e8

SHA256
cb6a0efe1e4c2ece470e8be74d9580e5180e77a0a012b5688e72791471da2204

SHA512
ba73c4c72914c9ccbe8ded6f3c7973ea46f48c298e1c543e29be58905d279a4b4fb73cbc1cfe2c3fdaf02c23de321ae2293daade4c83dcf7a488bc8a46506691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3660839f89c6ce17be8b45ac7fe1e78f

SHA1
7657a292d25fef264621b3a3454aae4a81482c8c

SHA256
a9e232519f3d215cc9e084293f694aa0fca278cc5804735d6c846f8fbe1216d5

SHA512
4264b414494b8babcc2523e170b5baabb22f3ddbd28837e06878049bc4072150b8b61bc0bb058ca683e3baed509f74baee382c6c5221ebfb5262c13989abaa6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
94d73c887dc08699f5f808a9e1577a16

SHA1
4de8a64b7fab58274a514458bf4ffffbd4bfd974

SHA256
b7d7a5b6da9e1683bc879b64cdfda35c2e2ac9b8ca193d269a0b4c4ad04dcb36

SHA512
d75018e35e6e1ca99957c368914408fd997a838fa44af941ae9fa373744de3aa1a4e951b8167e5920b7aab64906b96d76612f893e8c0ddd15b219b4039e6125c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
1adccdc8267b36a83ec6ea0836af0769

SHA1
f3a354ce40717d85dad449084d5b472457c3f28c

SHA256
50a43055d2b80f1b707ab0881c4354f99df68928cc7c03de47b642efef9c7369

SHA512
2109d29b21b1c15bce3f91e6bb54c12e1fce84d1e7965bfd1e5992cc382d277b0a2987f46d91a0fa23dd72d2023be744231211f60e88f90ab13dda74386d9a4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
22eb4ac8894718b5b695005554762835

SHA1
5a2485b26afa90da53addd64355fa08d899874a4

SHA256
dd21b8aca464626db688c9c53d3b5699aa7cb2e23d8e31b119179e2e497bd7b9

SHA512
e2660fca8e4e45dc0c587f28408c796a0439a4ea71de7caa99026b66c4d5eadd04eabaaf1b4a9f9f90a591badf95aa33d7590384932b2e41e0e3da2266ec60d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b5e2.TMP

Filesize
99KB

MD5
055a74c0591ac385114db4ab3717f5c1

SHA1
dedb48f269aa5c144755fd81256a10914936d987

SHA256
812c01cea14b77efa797d1346338641a3c5975da4f0040e2c0ab34691708a7f3

SHA512
76575f1a6026f9aadab1e5eeeae5fdcab2c9f283c848fb71e601e8c6972b398efa99c23baba539a06e7d3dffaaa99373c98a444eba274c9b70ac6b618612b5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit