hxxps://ecv[.]microsoft[.]com/gAvP2GFWQW

Analysis

max time kernel
1799s
max time network
1687s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
24-05-2023 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ecv.microsoft.com/gAvP2GFWQW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133294341388389395"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 3568	4100	chrome.exe	66
PID 4100 wrote to memory of 3568	4100	chrome.exe	66
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 1596	4100	chrome.exe	69
PID 4100 wrote to memory of 3932	4100	chrome.exe	68
PID 4100 wrote to memory of 3932	4100	chrome.exe	68
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70
PID 4100 wrote to memory of 4604	4100	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ecv.microsoft.com/gAvP2GFWQW
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc448d9758,0x7ffc448d9768,0x7ffc448d9778
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1996 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4436 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:1
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3272 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4416 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4648 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1580 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4736 --field-trial-handle=1748,i,5920737924677921849,5121084991153737554,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4724

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e4
1⤵
PID:700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
34fc9d7be922b0249415b0120213deda

SHA1
a6892489631c89524c26fd1d013ec04f270f6d51

SHA256
a957595d6987bf0d24cab1dd012f6dfc968ed51fdc8496ea91e1d86f6b775280

SHA512
cff33bc1129a798f0ea2a72ff14919c23a5e5fc95647140fee49f48f5d1a6e0ef6ad13e47717c236587eca8a372565e06fe9977b93b5ce47a6699658d45f912b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
3a7149c0d7da6496f3d96eef5131cb4d

SHA1
f413e58516a20cd1a732c3c6f484477c2a1a637f

SHA256
f4cafa796f331c3d1a6a9535f3f59cdf387ed4791d8dff0161f9c3f3965cc15d

SHA512
2bee1b9311a9c6571fa435f14344fe5288926a4795e7df6583d54c86f715ef723d660064e889d3334b715d27188bf9d6f13ba12e01354804d1ec965399fe4c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fcd9b052d59a139ace33c87ee324d8ea

SHA1
bf6a5de21d096f60b307dc75c529b01e14ab6972

SHA256
db7f527df863380a26d496ad5a31fa2387a463afc9fde0376250bba481501d31

SHA512
352ccfcc361273530a52330528a095e7c9d7a383dbc591a0cc021e7080da2a51712ae77d5e6bc993feb62720e4a7cd86c7288e16c372644df1a50bcfd2756ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0a9a913fe0b4ba9d15f86cdc0131664a

SHA1
092c06ddb377d31bf2ec56ff1d3a2dc67d74950c

SHA256
d61d3e2071ab302372009e68ba9ea8f56d3ebef33cc85962a7a4e4fb2fef5d95

SHA512
824d318ad170cbb2be3a7d9856e2faa2be667b3ccdd2801f909a838489cf648cf593268a53f76ec55702341b2c5e2953f17f0c45b05dcc4fc6104dfba82c5557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
d6cc1af63d56f8b4e0e19f85b94db94e

SHA1
84f481592d7b3645065e94bb3cce0ec9913f70bd

SHA256
b23f070e01e0ce6a87608688c99f3efba0af9f61cc324959199b405a9a7d2ccd

SHA512
689350d6dbe714e600b002edc54a4b72c8e3a548bb91608baa95795fcdf023d6e0cddb88168cee7f377d1853013d3dabeedbfec7f50a826ffcc936b62588cffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b1f6eca1b6c3825d9dbf1252691adb2c

SHA1
503dc9aedeb2c6b535d3fbd5457e33a4266b5064

SHA256
1c53e94f809eeb0d1f66a48f177e61918ab200e669483dc54f68dcd1c4bc4342

SHA512
b83de7dfdff08b80f1ddd21a533b6131efe47b5e3c70e7c077545b9fb2545dcccbe6e14fa5cdfdaf061811fe5b9fa69ae326a0a71b2ffaa39527e8bf15de50d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed772a1ac5626e9ae16b61d3072b7cb8

SHA1
3388b0d3dc471066f1776a94852ec00d07376c25

SHA256
5cf63ca1f0c33596de0a378bef25531ea1d5111e090fd2c287c6b92aa31c0888

SHA512
8c3eeabdb040239a6d10a20a554c391ac999b0f69df95aa97608f71b584d56a7fd9bf6add073fa4284f24a6ca397301d32ded3a0ac6e7124c1e72e79fd3703fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
76d1a7a370fc4164d56733c156c852ac

SHA1
94396f3c66d488ed335b62446f82279b95904a4d

SHA256
3a2be7e96c80485b82ca63ba1ef350d7a8d5262ea74b4472e5377d37421ee78b

SHA512
641a2e3bc447f24714e9c0e845d5ef271ac9b9b7651aa3bd818f4ffad5dde2260caf41292f35138df03737f0271f7cb6334ed639545915fb08ffaa9d8b00ada3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9683730424526f1b6150da599fabf4b1

SHA1
f37f19a9f7c9c224148e3f46dc25b221a4b6d6fc

SHA256
edc754466221d2ec126b7061ff1ab3396e5ccb324bfd719f1d9816f3a28423b6

SHA512
025682eef00d22d15a00ae1fca670b34d0a0d219e9fac0ef7c834668242d8a01302c80b3750f5aece55530e96c3892a6b0118784a993b702272934fc590d4f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e56b72acbaa1cc30f712251dcabb627

SHA1
58df5ac7f1b4599b475e5e9a731d11076ccf9fe0

SHA256
42b1efc1525ee2339483a4de79e9d3acccd9246c5cb0c0c760cca872f903f4da

SHA512
5368ceadfae476a2a17a8d9025682aadfd06b9e9d3d9e8fa4dd51c273ea905b60196aab1b4b978aed63df65a24434199951ad7eb968cd330de9df9871c6f85e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fc3b16f45ea6b207585b558310b7488

SHA1
46d17a1ae214334e33846ec85963c5d696bb3ce1

SHA256
e0d87125dd5c70969e96144faffc05376a4cf831998f2520be551c0f90aecb7f

SHA512
882c62c8d2ec337ceaab6c0e648f800e83e8116349f8ec6662719d6aca9aea365e5e94e1ea251b6aa0e3d0b8ca97c255dd1838ce6eb472450cee5929a48dba5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
067c15bae26467d8953f6e4912f3d99a

SHA1
519524ff3275ae649ba986b215b3f81824de5ecd

SHA256
000b3ca16dc05b10e2ad4d304961ba240a63efd15dc48405532a2a2b3cc9dc5d

SHA512
61374acf5c889d745be9558ceaffebb8ec212df89b225747d92af2247e705799b8f5cb59106403ffa239ff22671acd82ef6453ea433f2f8f3310627a6127c69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6766d69e8578dc1dbb1bd825553f9ee1

SHA1
35a7c76f79f107918d6a28790effd7560a52a4fa

SHA256
c375bac4717f9b73fac672d9749e57e2629ec981deb7b48bd030cff7f0ab2e87

SHA512
fad088d916aa5c58e2d028c42ccd5e0eb97b165467921a966b5000be6a0ca7c55af9c22c9bfc5000d3d8c2eb1b889a6ddecae1e27916d62407e9a8a0729a045f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
c172d375301c50f60d0214e8261dbb3d

SHA1
39ae822aea142ec6cd1bbc6028a2b64469806ecc

SHA256
29fb09350f8128a6f6b19eda37325aad39b888fba29e47306d7a3168e06d8016

SHA512
f323cd95d9e4ff3f8576b593ee37db6b56b2903d59452864b768b556fd18c6242924234ae804ffc7695bf5e7b2266d8527c4b18b3f4415c174a3b393be0c8806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
791cd4b34a00ac453d660e105a2e99eb

SHA1
9edbda6f027f1011f08b4846b4f0dfb754847f85

SHA256
24f101b5ebbefcee8fde3592ba4587d80ea700c1625f97ded5707e12c627eaac

SHA512
1f7744c913b21be16ade4a8f9d02f2b81554af437d131a5b81899448bc9f2ba89274176242bfc7bf8d69ecd2ab1ca41b19ef81d0383bddc0ba215fd364cf61a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
2b45b73d7d98c5575176c1fe2896b0c6

SHA1
7920aebf4cf90c7a6b1631b262d437f6e2055c85

SHA256
ba4af8edf369e5036e92fb65aafa262dd11057d887a0ba1e928c84a7f443ba28

SHA512
78e2f528ebfbf10d0a60088dce59f30c0b78c044a7c9e5deb141caf66c542cf02687e396d1776558681b80e8e46bede8742edebfc4448965bbb87dae92825771

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
ce93d09290a00b15de0529216387424c

SHA1
47b24062ce9053fe1ed16dd41377171bca473aec

SHA256
0b17c5b919ed930fa7318a6843693bd280a56cac09abf4b41744e7b203bdd703

SHA512
fb41bccc3864fe42bfa18df2694612481dc4325895f4d543baa2b4bbdaeb1b3c51ee4c36db954ee7c428697de6597abef59138186dbe79db8364bf3411d0dff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe575534.TMP

Filesize
93KB

MD5
0312c63d14da4ad9cb43e4b2a6a637d6

SHA1
bb4522d329f89c89fa9165addef4f29d3e6e86fc

SHA256
89c01bf35235bb561bd5d05ad817557d089b941ae67105186b418b83e3e477d8

SHA512
4a63f1d3862e8a9b972536e06cb9ec6079c39fa272ef2b5bc83de40c5217e7d431edc7f53e4cfdb5180609dc90d8d13a4643bac1cfdea2dd51620d0b70521730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit