hxxps://bs[.]serving-sys[.]com/Serving/adServer[.]bs?cn=brd&PluID=0&Pos=20&EyeblasterID=1086486580&clk=1&ctick=00484900&rtu=http%3A%2F%2Fuwawnz[.]bsydc[.]iepsantalucia[.]edu[.]pe%2Fc2hlcnJpLmxlZUBydGQtZGVudmVyLmNvbQ==

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2023, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bs.serving-sys.com/Serving/adServer.bs?cn=brd&PluID=0&Pos=20&EyeblasterID=1086486580&clk=1&ctick=00484900&rtu=http%3A%2F%2Fuwawnz.bsydc.iepsantalucia.edu.pe%2Fc2hlcnJpLmxlZUBydGQtZGVudmVyLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133275441226844791"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3652	chrome.exe
3652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 628	3664	chrome.exe	85
PID 3664 wrote to memory of 628	3664	chrome.exe	85
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 220	3664	chrome.exe	86
PID 3664 wrote to memory of 216	3664	chrome.exe	87
PID 3664 wrote to memory of 216	3664	chrome.exe	87
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88
PID 3664 wrote to memory of 368	3664	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bs.serving-sys.com/Serving/adServer.bs?cn=brd&PluID=0&Pos=20&EyeblasterID=1086486580&clk=1&ctick=00484900&rtu=http%3A%2F%2Fuwawnz.bsydc.iepsantalucia.edu.pe%2Fc2hlcnJpLmxlZUBydGQtZGVudmVyLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93709758,0x7ffb93709768,0x7ffb93709778
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:2
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:8
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4784 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4776 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3504 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4784 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1876,i,14743864191981296797,17450201088454850257,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1272

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
d703eed9f644a2910717083847bfb0e1

SHA1
eb8ee6e5c1753e1633a3ca5e75cd74c536ddc954

SHA256
09fd000b6ef928aefcf66a6c969e9f1ccc16e1df9ff21cc60203e051c61a9569

SHA512
5f84cad6d7cba5ad5704f5178157dbe9facf598143eb916d42f1f5135316c33b3edb55614f0a1c611417eb95e599442d5abf6d75b3a262000010cde8a91df701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
852787b31b87ce784723461f89ff23e3

SHA1
21fabf29240aa0430073f4cc70344c020ccab59d

SHA256
95b0b0e9d2f83308f5fccd22dbc6557b098fc93bd5946cea53cd91372bb5721d

SHA512
0e2d7e209d418620d3d1e484c20e621d55597801e317a05c98da6929fa7ce7ad8bfebea4c37ee4f338023c270d014b9d7d47a6f361974f9d994cfa80844f4221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b41293672d7e1889fda740f3172dde3e

SHA1
f7e6b1d68a8e90b8751124ebbd91024ad1da1fbe

SHA256
1e076cea01ce02ffdba3f97ef9592a6ccd075585ef205c4d051f977438b4c77e

SHA512
6c077cf329a00ea1a0c3d2438c8fb87dceefeea28ec5b49debcbbca7be6810b061eee9682f886458a98d2a4c79feca83a21f8491f3bba2e225423825ad338147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7cb0cb511c6d6f662d1966c7a6290fa9

SHA1
b6007f90c8a9cf14f78ee657e96e27595b755182

SHA256
800b70a3babd991c3602cd5f381d30c20d8329ac3534d0fdef45e7d256f7d0cf

SHA512
6db00fb056c2273317f6c6325b3054d8be2746c4e66fdf5e05174ca93ff8e83f9cbc78b1e889d2c54a7e49be46413ca0c36cb9bb523503fc7fcf6b9a81366f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7919c26de0b922428ee9ee93b5087821

SHA1
7a69ad848f2e4cfcd77a221af2823b2a748ae8d9

SHA256
ab4fba7543ad33bc93598dccad0e12d5ce79ab988b2749597ba28c6c001c79ad

SHA512
dfb87323892dd8d314abebbc0afd18b767494e88b1ecc9c1ab71e49963847c6dc7e768048cb95802bea5a4f28eb20d42cda044f74e7a29cf3e07292be93e3c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31a4f458659d1d91efc328f6fdac1c3c

SHA1
2f1b141b6ca75b59fbed94c5eb5a93aa9d62dd22

SHA256
5d006daf5c36a4051c48d35cf7602f4cced173475be4ab57c7c4fa4ffe41ae15

SHA512
5a4ca59f21e8b31759d3deeeef2680b3ea303f48cd5d2085f9f84323e5273b8dfc2aafe890cba655df91e12e3b86558106e5b45cc073caf68c15349d26e1b1da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
556ec6828654f4b18742f83e02899ae2

SHA1
67196e7ce4a2fafceee3e2e9ef80241ccfd30a08

SHA256
4289f2270a1299b329ee383a798426fe6a9c073d69e3578f6622c4ba6f85c3eb

SHA512
178b4c1f1061d231cea10a4bfe9b6ec39d9a7402099b2dfd1d3ce456fccb6247d36d7288d7be7d38ec6945feec94ff242a730983f1e1364525d014c0e9f459ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
909715534a841907f1ba6a5a66c48c19

SHA1
888465f8dbeffa6d1841ddf67fa5e5dce31a3e0e

SHA256
4a769593659bc9d1ebc74ecbf498cbc86519c98f97834cf9b1a498d07047eed7

SHA512
4567da38de7fa63ab08640becbe21a2ae77dff70aa34ec3077c2e55e48d18e33e12e3f594c09edad59c4cda9d70c609453dffc3806ffc0dc7d12e3098e15faff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ae322cfab9b7ad2139ce3828d472db8d

SHA1
1fa4542b2de67726fb1229a090aaa24f852ea40f

SHA256
ac77f26574fcbdac3e1e4e11fe0a7f3d22a12b0dc7264c1d5f231b04629bbd73

SHA512
01590776abbcd4007133d587004d64277c5314e4ff6d40db579730df4ef614dcbfb2699e9ad079e0fa4d7f7179ec6a75023299f90ea50929a0a93175526430fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
56d070b73a39c916c15489cec3e2ad32

SHA1
05c0bf1bab9a0fd2f6fd3d8aac174c940ff65ec5

SHA256
76e8101fd774dac793b3d4c671ab35a20612252fb47ce6d1d7fa44bdd09bf1d2

SHA512
0d22ab33298218dce291f5c437afc31f1c4400bf9f0431c842d68dec31c8e7ed018d69e2d3d924e6528b286aaf5374e48cce53669d8e9fd6cf49b77c8bfff0db

Download Submit