hxxps://ncv[.]microsoft[.]com/ipVjKQScTK

Resubmissions

13/04/2023, 21:07

230413-zyhc8sec47 1

13/04/2023, 21:04

230413-zw3amaec35 1

Analysis

max time kernel
311s
max time network
308s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2023, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ncv.microsoft.com/ipVjKQScTK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259009119245287"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe
Token: SeShutdownPrivilege	5116	chrome.exe
Token: SeCreatePagefilePrivilege	5116	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe
5116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 1752	5116	chrome.exe	84
PID 5116 wrote to memory of 1752	5116	chrome.exe	84
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 2216	5116	chrome.exe	85
PID 5116 wrote to memory of 4704	5116	chrome.exe	86
PID 5116 wrote to memory of 4704	5116	chrome.exe	86
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87
PID 5116 wrote to memory of 1120	5116	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ncv.microsoft.com/ipVjKQScTK
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcab79758,0x7ffbcab79768,0x7ffbcab79778
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:2
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3768 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1124 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1604 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1800,i,9223066951148169351,10332757866270127474,131072 /prefetch:8
  2⤵
  PID:3920

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
714f2ce41c9e79bda1161168e14ef560

SHA1
7d86e12539b476ca8014e01a702dc1a7f1899b9e

SHA256
336e99fb50aa29f63f75573120d8e17246f29bbcbfbdcd5822b6cad86f78a5d6

SHA512
b1b2582fdf9dd5445e45e0035a3504159cb039754e84802c2f9fd14ce1b40601285feabfec5e58a9bc3ea641dceca4489edf0ddcac904013cd0383146fe1a318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
797aff505012480d4c46c94109dad20c

SHA1
39b6da24b388539c5aa8964a41504248ae9210d1

SHA256
6a88bbd36dde8113945bb8ace3276ad5b968793a36922c510df3a8fdfa1b44f7

SHA512
7c1593351436338d891153e2f3a06568101b4b447362a77dfe5ed6da983111d074b018ab9712f969b96c8d68903b507637bebbe310777c6445a1c82ae8994733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9af426ddeaace7007a93e73b1ef581b0

SHA1
194d2f80a4c1eaf39e73981746602ab26b21175f

SHA256
b46c80f83d900ba040483fddd0b399c0616ded030d91903c9a94d27ea24de50a

SHA512
2387e96c39d457f66816b50c8bce689a9f457a1f01fabdc159e9df762b4d41bb37cd2553265c85e22c0fafd6bc194e5c7933f0bc508ccd3bd761959ca71a83ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0d1ead8c1e41d3bb1e312fa7a780283d

SHA1
a5b140cac7abb9896c99098825e5c303d2ea7546

SHA256
d7b0aec47582988af38b3143fbf55d9b6ec37a10d254143ade8b53b6566590a8

SHA512
e82e1f2538572dcfb766c41b720fa6756122ada27b34249fd0c0a607bf3dd26c355b5899382b1fdb305abb2d90a78dfa1647590b0469647e44330d6667a67d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
b931fb7467578c149a34ec975317936c

SHA1
635fab6b391c2753bb165b265bfd71ca78ad3116

SHA256
9dfd552c6fbe28e415093e6dc1ba6821e87436624fc6dcdd1a7c4888a026f028

SHA512
f2631eda673f89fcdb5af08e8ad7f8399d1f9702a2559aa76cefba1927d0d75d62c6891b060a6f6e3017287db4c34fe1df838ec5db0fad9d76af8d7c6a13e76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8b2ee965ecc7203d11401a308176e8dd

SHA1
ad9450dedb5aed67658f93c0fa4362b80c0893df

SHA256
89b33a5ae6b49e8b536532a47a89732c2ef1a95f0398f5e6c2d69b48a8e53cbe

SHA512
a2745a4f47114e957f1d51d731fb0632f85197c9c97536a8daff754c650d73f0b971e96e9ec4fa33386be6e1031687cbbe850a9b5c2e28c2e56a42c821c62ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
36abf5d19a0e1c1c58da0bd76678700b

SHA1
7d08f3aefbe9b8d6fd8f6a9ed45639a12aeb6854

SHA256
88237c37e00551e9f25a6dec1120230847acb6a5eec2f6e3cfa213fa006f8c69

SHA512
28d993f5b194fedd53ccf96e7a675e5b45746639637d638e31564fbbe227a97d700f37c18f1c87e0b01c7ba23e498c549c529f16e8eb0710a1ee79e1bb069cb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ad7f67ed8f6ce6c6c504fb8d9819d96b

SHA1
1d50bd38e8ce72f625f113c3ea1ac2ae4ab0b604

SHA256
fb80699218042d8326955ff109b0a1b9cc81909dd467522e1f3a9e99a1808b6d

SHA512
7c639b080187b6137792858c38bcf153c522d6d6d5cd192fa372189cac5a4a1cca3b06529f4f6ddceb4336549bb7f543948a2ea1c67ca3e1753f8e2246b74b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2e0f8ecf90bb24bb5d66990ec739083c

SHA1
0d60f48c1f1503a9bc25cec8e9bfbeae7a635f71

SHA256
6d35354379c9fb4dff93c42ce87c66dfb8681b115f573f5eba3612de72e137c4

SHA512
99bc0fb067ca23565d70d556032c72ecd619dce763bad9a253ef17fd5e13a8c5d9836a30f2dead67bfd5a47d434680cefa910869ec426ac09873ea8fd07f5e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1f05c897645aae6711057369d92b7f49

SHA1
46696fa453cf1ad1a2ce4f288dc719f49d141a4f

SHA256
62fb753a20082fbadaf1b0ef8586285cbda22d691728f8c46eecaf07ed072ad3

SHA512
ef02ba2e5e9baef651923cb8cab69077efd3a5c2a2f94f48449e0158bb649da458c480b1d0de7827a2285f8edee330b2c9605dcdbbbeac58c29a156946323473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
00f4c13fce7f4dab2f8de663eacb263c

SHA1
afc63ae2cf6dbc458c2841fef77aa68cb813bfd1

SHA256
016ed3bca75ed3efb331a1a76af49d2fc8e00c013a0a96816012a60925a9af08

SHA512
37789ea048b16088783884d1d3e65aa09c4c6dd6014fc1826b9a786c9929a38d6eb9956e7d7b8c2804f4725067e58bc024eb0973c9f8e2d0fcaab0d04fd309f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
4d987e0f274f64491676bf7fdd315db4

SHA1
3ced9f9579ab287fb024a801dd8c64a81cecf984

SHA256
335adcd2d77ea4f2cedea4249796a871af74974e8e70844e749bc898da70ebb4

SHA512
d4c1f32f6548c06b7f5cb8953f3e40dabb5483f162f35577bc7eddb6e6a94478adbd98e77bb955fe9c52247e2770ff38e70a363ff1ebd72c0aeaec2e875fe11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
62380644ebe9ae140c9f216068969090

SHA1
dfbaa16f282aadd01482ebebf6146c513f15f537

SHA256
50fa3ea893bbfa20848869430736064e21cf1ad6f4004441235a1edf881e4cd8

SHA512
8516d89deda248c5b98167bc104ebbdac84cb50fff13f3ddd7361a1d3f85887962e45081e540b851a4fb869307fd78bd8895706c572a19b4db2725144de59b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe593639.TMP

Filesize
96KB

MD5
6d09f42583ecc5c35e76d5c6618c193f

SHA1
833846063518ca2c066313799db22a81b951bbde

SHA256
660dda23e908ae3dd3942a8a7c101da15fd7e5b0ddd276b8b247af39d13e8b9c

SHA512
d8713bb54c6d70e7c54f4e8c560170b5584dbe61c0060dcb7feae9639e843233d09c0a2bf429aabec65949a013d7560c7441587b818aecf5ea70b73fcbabdfd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit