hxxps://btcusa365[.]com/

Resubmissions

21-05-2023 22:19

230521-18yzeafe6y 1

21-05-2023 22:16

230521-164rwafe5t 1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2023 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://btcusa365.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133291884216317990"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3188	chrome.exe
3188	chrome.exe
2220	chrome.exe
2220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3188	chrome.exe
3188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 2076	3188	chrome.exe	87
PID 3188 wrote to memory of 2076	3188	chrome.exe	87
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 740	3188	chrome.exe	88
PID 3188 wrote to memory of 892	3188	chrome.exe	89
PID 3188 wrote to memory of 892	3188	chrome.exe	89
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90
PID 3188 wrote to memory of 1048	3188	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://btcusa365.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc83739758,0x7ffc83739768,0x7ffc83739778
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:2
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5260 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=940 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:8
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4728 --field-trial-handle=1772,i,17943598931529370793,13359742617304376897,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
46KB

MD5
8e61b705ea52802378b95f58bcf28689

SHA1
cb8d396fa81f38736dbe37bd40014eda233f6ac4

SHA256
595ec6c57372a739a391629914e81e14179f45bacded0c7ff7b070b4e0ec4c17

SHA512
fc0dc9a7ebd02563659714e0037969851cf236f34ab69c06efd1987336cbf963a4c3663f725dc774671de27fd72cb55b8b61bf9b934567409979964b3b849fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e35c8283a5661eb999aa8425a4885215

SHA1
6b86d3707a7e5efaa036e46055987329abf6dfa5

SHA256
7bc1ba02f33a5e278c60241f315bdb2e71fc612f03f65727737be54bebab0969

SHA512
774cd7a0e7d8e2fcc322c4288b5cacf4e40716fa11c9c0a8d3601581ae26f65141693bebe84486be2fe61cca05c59fa3fef8d8648137e93ee40034e99cdeb0cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\64f60bb7-c58c-4b2d-a607-4ef090fca1d6.tmp

Filesize
703B

MD5
d56c1415a51cf30c89403da6ce92b913

SHA1
a312e833106dc3a3e9467f1fe9fa15ec19e60da4

SHA256
753db51ab5569f7b51b0b2f8927111ce36fb5628413ca3d32153e5ab31053f24

SHA512
8fea11cadef9f12b5962c44b563d4bfa0c8e44da11c9493eb828c6c1830fb98ae2a15e6b7bd061c99ea23fbd8d7518da2f9242ff7c274cf9b17d074869646590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9b3f6abad32b22889da13a35e1bbdfdd

SHA1
8fbafaa598f0144e722c8eea242c3d8c2e1ed720

SHA256
b33e38924e180916488921b7dc572bb3ed37d5904b09d78ea76daaf0ebf2688f

SHA512
ed071c353909ef22d74481a182004b49fae69b25b4ba8071d20c8fe8086bef23f5328ca3926ea3c717e36a10b225db572c020a722ccf388dc17563a5a4de2265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3b82c7319020e530cd13624afd2cc93d

SHA1
4b7a142b99cdcc429ca9eb4d7f291a917e70045e

SHA256
ae5440fc37f0537a0930451f2e0fc738d75bac32a68b436a61624aca7445e063

SHA512
55023bab72bf01eb197024811e74608f6a30e6e07334ce8a21e984bc5d0f36e2803d1b6a9715a902c28fa939250f42dd1fa1b89a1cdd579d64daf701007cab16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8ba7cb49078786cb4d5b83d08ac0972

SHA1
0efe97f8fef8ac51b42555e1e134212fcfe66b0b

SHA256
5c7b9e0bca0bdb50cdac10014e8e8eb8177d1976455403c263824b054ecd2a6f

SHA512
fea78c897cc5c52e443acb7e28f50840533aa212dbffc993b373a378a0df1834486759cc9df548baba5b13dea43403acdb8ad98730d7e309b5521c539afa90d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e1cbfc28ee0706e31e250295d8027bc1

SHA1
063e0f2cc8d9c26a5b9ee40ea9869aed18081848

SHA256
c2442ec033b8bee5f92482fb9dd45cbea29331291735123580d2e47cd3ef53f4

SHA512
2bca5162d630eddf59a44a8368d8dac80d8e4fcf6d6dcdcd1f0a8d10664b7ce206ba9bd0bff28729938ebcb9fa83c31c263737e79c389780e2f96b7f4fa209be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
960b0082bca0792d01d382ff42594b4c

SHA1
79de964561a74876cafd1d9bd38f6351881fc202

SHA256
19dea53757500324ff4e206a46de70cda94dd9b55de10679da86d8661e82f5bf

SHA512
ae93bb833a9815ccf07385ff43caa246b7cd8dd3261ebbd237fa058bb7a9a011ceeaa8a6e4288d011065527364ff1cb4eee7cec97c4d30b95300bd3257a4696b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
699B

MD5
9672c07ba47940069aa3ac700dba1995

SHA1
3a22de68059d5109617fbbc817f9412d47ca1d35

SHA256
81227bdb1f41873459cc4ba08bc474dfedbbc9e221789d014632b50133df30a7

SHA512
23e9adb631fbc91bd2d419190a758f19bd6a9787b54dceb6f4a021f729d0572fdfdf4d6b7cc599e5d534d95a0b3c8714db37a60bc1b84934bcb8e7ae90488ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
adbdd443cbe1367cd0d5de896c51f1cb

SHA1
47623a274e68a9e992510fdb47b1d6e20f478b99

SHA256
2e32fce52b2648928db9027b0d7716506f828f9b6e112730235647c9f2048173

SHA512
3eedbe3f2cad498a193891fe7d35ab129b6e151257775b5ce5ef6b77aacb6ae21817957770c578db85ce30460fa9b3a9cab35c1076926e7d1862337f62f206fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
2da844581fa3ff8f0e3bd7510ec59b3c

SHA1
1a190537d3a78dbda836a304b33c0eba516b9320

SHA256
f401592231d787cec7a2e8604fe77b6cd2595dd843947f744efa7a47484a64a5

SHA512
e74a2451f5658c59268b850f5cf91ef0d6d20b858c13e3551e7bde6cb6fc9872359a656e92a5b928c0c06ef70b60bd1b8c89e65b69d6a83cf00be2a44908f369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
699B

MD5
eb9ea13043682633fbc0bf73ee7e7efe

SHA1
e5a91ffedbcb6bed7c25aff7ebd35afaf0d62177

SHA256
1b796df727fbd4d9e1d472e8f44dd227124e37a36163da1d5a9a3669b1e31915

SHA512
24b8dca7162b449b44f897b4c91480990212eb6c4a253044af017ecb00b2744756e2ba6603e250530a3bc4e30df00f822b62c6a547b07f125dee2b3c31b7a40f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
699B

MD5
358791bb829f234eea9407b0ec78ac89

SHA1
b519609fec3f746d356b0c2e24df09214adc5709

SHA256
f80477b512b575d7dd143546253b74b6c4cdcdd26a37df38ff250de1e9923fe0

SHA512
69801b2ecf13e36f05caa10f70a92dd1ffc1aca9efb5da448b30b11d425f808f174ad2eb1f2212193ea559adff8ec7076f8d698d8ed347ab29a1127acf42b4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
9bd5273b7cb5e17bc000e03e6efe5dee

SHA1
3522382baf342d3892014ebc018eea9412995b98

SHA256
f94588aa955c2a08296c62cc8923aafff7f4659fe63118e07857e4b8869a1786

SHA512
a6bfa1bab7c119fd2dc69f83a27326352c181fc03bbc95a4801084ce9d11bd2ff6170eb17bf827ca5e14525fdd3bb30309cd9c6541ac96a98fd7fdd55c77ae3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60c50806acfa62f83930640127214b2e

SHA1
26cb5dd6dafbeda77f956d18e56701e9ed5ac77e

SHA256
16f17829133f9b2c4d8f0ced5ff8b6b4030e06f584aef5efc9df6e0a1ec9abba

SHA512
6715e28b79ea8fd4fa9184bfc3c5ba3fcf9c23e66d300c78afbe717dc4cd5783ba6628973035d119c12e4cfb0aba75f166db4934788c8e16ab6a0a2ebe5d582d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db0be61de62cd3fb70ce68488a646bbc

SHA1
b987902475b26af5f38621a6f54645d2ad4802dd

SHA256
552d85218c70145224d04ba7830143a9edcb35bf19ae46f5b5c6ebb9465498f4

SHA512
317724876e5e1215c6c405dc687e3db8fb52eca87fa7f761da4c0818a999075dc30035926cc04d7b243f0a692fa1198c98efa3013dcb61b7734bd46ab8e8ae62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ea5fdb04961c85859d03dcc6f3a2260

SHA1
ebb1fc05304f916eabeaae1feae7cb9373b6cd66

SHA256
23360d3849ff7dd62208fa44e6e6e2601758288fbef5fb0b43f3f05c3de844af

SHA512
211b178f6fef921a91fd935ef4b978f857354209e07689e24918140bb0c84454ab44adfbac8df1b79eeb340b2cadd38ae576d34205e7265c7a7958763d5279f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b42a7229727cc0cd3335200c0d14556d

SHA1
1f9c8e9239f2916a65721f52fe0e3f10a0cdf7b6

SHA256
ddda0d2b886d71361e9ac2c6d20c7589d3d5f8209089b5703e17cbd504dffaa8

SHA512
9783744dac9cce8843e9f30eb73bf701733b0cb1052bdc0473345fe5bec88f6d32702d9b0a9a314bc2eb59702acd82251e5113297f5d99331a82ce9b14d7b0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8c316646d658440b5596adb929ef9f1

SHA1
7045a9f8bfd28e603fc6109e583fabc271efbe03

SHA256
737708db55d62989647c7bf3f463320da1b9f2112ee5d6161f4b1f432f11a3a8

SHA512
12dee499471023eb112a3da35e296d11e94dc132f996a00a101a298e534dcadd958fcf6d86569a19452f6cd470a4f35e38ff7d764fe9c3ac85395881bdc98f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8fa3dda0f0f1dc067a462d06c4a6d251

SHA1
8e1a7a0ed18ba8264cd88621c26a2d8552079d63

SHA256
cf7f5051fe5713909985ebd475666dbf1e9472431bf5c6b79d41c06bcf736de4

SHA512
a12c4439f3dd17de36a5a23d537ff46cfccc4dc10ef6d28e71f2215cce84dc7d46ce46b230fbe4db4d6002e579dfdf2255050fc9049a08b35387ffd402d13e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
5e8e8c857d33aaf73d1959d8b66d4422

SHA1
4dfbd3214c678e9746e20fe75df77513359648a6

SHA256
a191f6ec1260fb98fac7395457d305b18df141585d73c786cc1b1cd6d9f4c366

SHA512
cfe58b40720e6b1327a13756ec3187cd0386f43d7511a79cdce594b6b121398f94d67218d32e2ffa9d5867e7d91161d239794dafcfb40481af6f4495b4c93233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
ec9e864ea905cd2aeb8aac481219f4e2

SHA1
65166be6c0bde12aed4e73297d4e84033f9c2c7b

SHA256
8f88b239770e9792b79d27fed6fd0c7318750449b92675dd25d30ef4532d8a0f

SHA512
83853f4b90e23d4a2e6ff5d05bfb0f1d8626fa66271c0a5390690fbbf7e6ff1f0ed8f810e39937f0c8ebe09d1fbd02ead5f8fb59754577139f2491be63b5cbd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57760b.TMP

Filesize
100KB

MD5
57d0e9ff8d471e2c4390591de2fbfb62

SHA1
5d856aefea199f6ad6aa810e4be46acaeeac9473

SHA256
70b0d434e9d963dd92a20f5b1ef0f410a66647ff51ba5af4060d644045f9faa5

SHA512
835510ce96cd5427473f9deef437e7b374c04f145d6a55bef98faaa761c50461619e5aa31ff3dda011a011a76da7af19d18ac8d8503a54b597aeb76cf4eefa2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit