hxxp://www[.]equateplus[.]com/

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-04-2023 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.equateplus.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259192179429343"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
432	chrome.exe
432	chrome.exe
4380	chrome.exe
4380	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 940	432	chrome.exe	84
PID 432 wrote to memory of 940	432	chrome.exe	84
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 4268	432	chrome.exe	85
PID 432 wrote to memory of 2684	432	chrome.exe	86
PID 432 wrote to memory of 2684	432	chrome.exe	86
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87
PID 432 wrote to memory of 452	432	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.equateplus.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa03a49758,0x7ffa03a49768,0x7ffa03a49778
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:2
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5212 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3964 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 --field-trial-handle=1756,i,2942519148309999100,14513895040802904714,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
43KB

MD5
1cd316e920c4b8374a0aa151a1393404

SHA1
cb89423b4af461381762524bae010c3d99dadb9e

SHA256
02ddeba46559c1804af08c2f91393b652c04a6b5f653ed981fa35d1f72899b74

SHA512
dd806b9f80d7d9bce6bd1d7117e3dff220890723fdca5d799d09f4b5ed7b9386eb0f6c4c4573540a283985066ed34addc830cbe2678355e28dee304c15ff79b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
b3652eef2bccbd4f2b6f1a1ea3f2eecf

SHA1
373b50ffdaccdcd0bb5ae02348e6659f859022fd

SHA256
fc0beb7c1610bc6750e3f4b633c0ac265847dc2db659d314bcab9b4b13918c1b

SHA512
9df6b7f35038766912e4516ae8f331eb93e8376df73be006117ce89467f91bd18839af34972be85c936799d8bd08e3079997be6cb546bf7170b489cce0739594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a7e75ed57aa3ea659091e961655a88ac

SHA1
cbafb22a79666e4557b42a308e34bfaa0b8d0447

SHA256
372dbd86b85d3157b065993eda393c262bf2090cb19ff4c1e7b8720e7af65d0e

SHA512
171e1e9e89e4e535c18c907bcdc8f380a5176b3807e9d60f7dfb71ac3e7834951e699f5fb246eda7172e57eb45dbc3859ec3924afd2f3795adc145bd67a079c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1b5dade6b17c32bad54e7b84aa587a8f

SHA1
d6352e7a94028d56cbf3b66e1a9d858ceb13ead6

SHA256
83f4b016b781cad171eff6fe00c704b1965509401186e384fc51f7802dd7eb78

SHA512
ba49c602afdc11061645eb01d1a45026ff7daabb6adb00e522d1c40f374beb335109e1e556163220dd5318e065a674efe52b89377077bb3f17055ac9ad2883d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
7efd1f1c732c9f851e8f2d1df5e9b58a

SHA1
abedabb825412add6927dbfb20dd51e63a952397

SHA256
59bd2ce46c8da3a50f0efb68e10ad6d0ff862422eb2b4915dc51dd12df08ea41

SHA512
0140ad3bf72adbaaa354e0880a83ba2a37bde3044d096f8427cb7b30fabdabc78377361cb684d0dd9f45f7e1c1b2d464d6c88155bacaba2776cf07ca30ec7aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
e9de66b18085ee15778479ebabb5f624

SHA1
5586eea089540c8bc0db4828ba60ef83ef4941fc

SHA256
ced0136a97eb78147c6ad9b3dff180d8ac3375446c991cd80cb05391fffa517c

SHA512
3522987ec73e2b129f9ec43516100014ab0ddec6676406b038dc3173ff337ee0999ee16ba6ea7f4507da7d0db79ba064ecdb36633b8fff98a1a853aafc07a994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
79e6b5147b46e8d0e8d15e571cac7f49

SHA1
e5deeb92a2354b14ce358d0002b4b2ded8713bc6

SHA256
a4a422e65b99bea404bc3fc41c257f593a0c54a8d70743574b294c1b638e6212

SHA512
b6a42f3807389116fe3669898953d4ba179d1738e277b7b0acca3cec92c3f22f09684f41a8d28633927efe16c6538652e882c859cc8ffea39eed2b2db717e1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
fd0a3fd68039fe751e7b72741a63366f

SHA1
1f931f2b103e588cd816cf06823974418db5f719

SHA256
806e76bf3c6c0154e0705d2a03adaa2aa41a2661a04436471fa4cadcec320db9

SHA512
4088e3533255736d304bc445fe1c40ebaab925cc1d67f09cba3376273762f715931a454327f59cb46fd4591c9cd11500613682e756a8d238da5cdf40fa892de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
603870dbb8083873613ce0abf25b93c5

SHA1
943280061117ec78d38e7a9817b9a173c242ec02

SHA256
168c4869124d9e0e6ea36945ee2212b964cbb4f8a8f0fde4bb4cc354895dbdcf

SHA512
7ba58034f67e9ddf95c7774dad3191ba4420639e57e1cb71dcc158a2e46e4aa4144f47c26abd6589dcc4c5276143bc8302c55b974463355c4380182902467581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4c8454bff0e05a4077339f31886469c2

SHA1
86a1710778518817728d1c310cd62c5461ffec1d

SHA256
e937de7fdc3780cda0530cb51d3a69b603e75c2f88fc8caab4bc339bead709b6

SHA512
a5ffcbfd79942a447a9d06e86e4cb0d743f8a21fcc11a7eed18a155c2637f3656005dae5658541b55715205c53c18c7c74871c7e80805fbbb8ead2ca3ba6a295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8738487c4821cacb28ba5b66d3f03072

SHA1
bdb9f4f4ef21941829be7153a16fcb92e6fd7549

SHA256
2cf26f6a8171448d7000266004451e52ba3eacf9eca03e364f32aff8dfe62aae

SHA512
37541ccd01a878df2cffb9916f57831ee7c180c6b058251722974a49f27618acf6d879dfb91c747a7ad81fc28b144056f055a6dcbe0062e77479e8bca4d175c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea37cb888a271f4b14f9539d70afee0e

SHA1
bf21c658a3c64d3c2b2b00af4c0c584087ebe3ae

SHA256
ae88dd232944ab0630318c2e22662aae0f85309be60257a083356592f96dcd9e

SHA512
72b1c09d9288804a53f5f1a38e544081b2bf93b002ace05a63c971948cd2f1dd2c7f66612110af00c5c39c16b1e1ca2a70a36dd23fc17f9786d1cdfc73e948bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e30c78f6a3a78e8a954cd10eaf9cae12

SHA1
cd26de54ff0b5ee7d7b370cc4e7f3a7a753c7f12

SHA256
e3643411ebe22b521e6a12407272b865328ff83bcaf1172cdc2acc80ac13fed0

SHA512
dcfabafeedd6ee68978330c826c7c545857221d3cec7ef8a57881eb1d29e31fce369769774750a26845f00fcad742dc608753b3defe4827135ad1b47023eecb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
360c6a040d2eee34e4da755f03b9e492

SHA1
6f44b3cb31fe94ed82ed45c3fc189dd5fb6a80f9

SHA256
f41a287ce72499caf20127060e030223941ebad523f43e21700b2e45b7ab8a6c

SHA512
ce235f054d69b02eb619a3aa84ef3c32860f832eb5df8ea9225cf69f179a77ed364e7d5d8220de2747617ab13fbfb42bfb44546cfd9c02d284cf28a26febbc55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
9fc88ba36e01a346f260a37ada34a1c6

SHA1
62203668e7aaee4c093afbe2263cd7b9b25a0b5e

SHA256
e4292fb2aac65846949738d81359b05efec9091296b0817a23af840331827d74

SHA512
48f14027cf6e216e6c7de6c99de1e326bc1725ec0af5fc1791b2e17d6ce47e9f7ed08f195ab6c4cfbf31150d35221ba1bc4afb4a9a17afc984d2f36c369b7145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
fe66057c6e953edc03b27d274f3c5bee

SHA1
0c7fb50d32702accc0c1ca327432dabae72b5a13

SHA256
c0d5320c3960a22aff8dd1852cbd7708dbe45e9519a91e21b7a5aa3ecdb1cf27

SHA512
59174b8c3b3978ca0d5162502845d5e159252d81e275ed6159da69d683df73ff3d4846f99ea8a7268fd532c03d1ec9f1ee193f14cf16d9422573b590726a45e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5762e0.TMP

Filesize
97KB

MD5
746ccb95b89a6c842153a02d7d11437e

SHA1
35df98ce5f2010ea53cda7d3f38261c02a0eba95

SHA256
60c3c4a2519c8251f10c91fda7a62233183ba4bd562432f6316b8f0e201ead98

SHA512
2ff464def7b612f37036e4ac035b4f9998f802320c77d8cd7ed5ad37eb7f8d2a4970c06f4eedeb2049426a5833aab6ef64c41d48baa734208879ac12a56ff6c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit