hxxps://slickdeals[.]net/?adobeRef=4614c116dd6461edbcf14461111a0a01ff0140&sdtid=46514596&sdpid=112146466&sdfid=46&lno=3&trd=https%20go%20145a%2014%20t%20com%20&pv=&au=&u2=na5[.]web[.]app/ai2PusFt5ttFe5dy9rtyFe5yth2Px0qretgys3Rkdy9rtgdy9nFe5t

Analysis

max time kernel
55s
max time network
58s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
31-05-2023 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://slickdeals.net/?adobeRef=4614c116dd6461edbcf14461111a0a01ff0140&sdtid=46514596&sdpid=112146466&sdfid=46&lno=3&trd=https%20go%20145a%2014%20t%20com%20&pv=&au=&u2=na5.web.app/ai2PusFt5ttFe5dy9rtyFe5yth2Px0qretgys3Rkdy9rtgdy9nFe5t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133300201137345226"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4212 chrome.exe
4212 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

4212 chrome.exe
4212 chrome.exe
4212 chrome.exe
4212 chrome.exe
4212 chrome.exe
4212 chrome.exe
4212 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4212 wrote to memory of 4244	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4244	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3956	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3088	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 3088	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4860	4212	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://slickdeals.net/?adobeRef=4614c116dd6461edbcf14461111a0a01ff0140&sdtid=46514596&sdpid=112146466&sdfid=46&lno=3&trd=https%20go%20145a%2014%20t%20com%20&pv=&au=&u2=na5.web.app/ai2PusFt5ttFe5dy9rtyFe5yth2Px0qretgys3Rkdy9rtgdy9nFe5t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff884039758,0x7ff884039768,0x7ff884039778
2⤵
PID:4244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:8
2⤵
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:2
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:8
2⤵
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:1
2⤵
PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:1
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:1
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3220 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:1
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4564 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:1
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3660 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:1
2⤵
PID:792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:8
2⤵
PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:8
2⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4456 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:1
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:8
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:8
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1780,i,13014393135606110191,11599391346253008978,131072 /prefetch:8
2⤵
PID:4828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3012

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
162KB

MD5
44ec03cb3248c903b67751ea27df310a

SHA1
c57e9cf90caf30457e9d57db750b8a0eb8856770

SHA256
d4de4a836d11828dd561db1eb8d7fd48a7e0ce9afd8645e2eabb19a1267b6894

SHA512
657e8958d97eab524224bbd8903e0bd7d0c2640805f77da7546060164fe03f7b6ece99a005ef44e41b7233a2e24ffc63430b2fe3c87f61a1b26e0d7c7e52c365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
510f330940ce812ad062323ebdfcb464

SHA1
0fcfcc516b43ed83b55b32471cb9ae2f0d27b2f9

SHA256
9ba2e62acb0a58dee063e7b6225236178fbdd0bd7cafab6fa0488625aa2c0be1

SHA512
e64097e1ce464e0a8ca1cc97881c6389407b8bcbe2930f79bce495f3487fefe9feeb8176b8e3ae98d2e5d2c06537eecc53bcdf3e4357d9a197fdbce60cd5b098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
02c021a474db5ecbb347459493f66351

SHA1
bf05d065f434a0ac8929fb23fbca0f7a501d449d

SHA256
b2ce9f0e0a28ac4f3f895b5d5fdc923010af26d893d0e1c307119cb7dfc0cb87

SHA512
e781801d01b6bcc19471d4c23e30caf98f439a9393f241756a79739047b7ccab67a146f9a9e8593d8897687d3a6e5c24166ecf55245e153aa3180f8bedda8a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
227d35b2f51b4f5a31914087c19e0f38

SHA1
e2b0e20e6ba41d62d0be30b532b644e91c8973d8

SHA256
ebfcb05ee3b50adc703dcd19a8705075b41557836eeb64922a513eab47aae5f2

SHA512
410e96a03f356f0fc9723227795119ecdca2ef06ceca9278ed4748e86b760cea6b13b7605209b65214e06490a1ffb94d216cac6885cb8403dff73b76fc09f651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
98e455a89ad22bbfdceb260f488ddf54

SHA1
e8330944de553e57f7fb8d6638667aa5eb1eab32

SHA256
400b2c50daeed334db6caa5836c041ae89d78d3819187568d8bdf08892478f62

SHA512
ee7cca4d0f34993fc1c6f300159a08608cb759f091ba51bf2c565f755593d4e6d419115cf9580fc1622ab6f1b4206e462a94a4f47400b0d4e7243a10c071e382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b08eb8cad74fe1c6cba14933d20f2002

SHA1
470a59520452bf2b97363656e6b735d884be9184

SHA256
34040e687d20aa3e65d19aedfd8619c2e8ffe86af6303df1fba7663d4b43126d

SHA512
d5d45ff50fa0de08add9310423bb66321be7b7ea14e3bb77d9b4cbe6f672dcad008bdd4398447676fa520a101782515f36e94a7e840426283adb0b6b6378ded0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
556f40e495ffe6c3e6cc0707f3c8815c

SHA1
e5645c9e247611516c281a7bf3ff07ab59deb863

SHA256
c6b8674f322431c59b1c8761341fd1cf895eb9428d16adaa90b3b765fcb1d8c1

SHA512
5d34bd3e5528b37b3d56ffd85f120c7c0e9c0610a7eb9a21542be2540c435e45346e1590f3d67a4194c1fe9f3fd49a3e5543a24f8c90209282c910f5f9617528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
155KB

MD5
fdd1b9693301f575d6093bcbd1d5e0a5

SHA1
1d33c99f67f9304c34354ad5b3bf163522bacd68

SHA256
4e00311ccb2d603d5db71b710d0f75fe18cf4706bfaaf3f40d8043e26ee1072d

SHA512
ff424636c1aa65cda41a875f6a26277062a27b05440b65dfc722f1a44c73a410de1d8de197dcd865c6e386b81e4ce512997118cdf1830a11b0665b9a35a41928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
cdc48681a8ee99b54da005c8147f2848

SHA1
8b20f9da4fd7a1e63dbba670d4acec1c7a0f2d6d

SHA256
39a42a86dac4f0847ed1b961a4a00d921e83bd60354e9b5c59fd25ca69325273

SHA512
1a8befb65e84c3649bdc958f745c57701cd94b2047646878ae7e6f60d76afd835246d224a46dc7b569a11fcd6510f686374afff6258503abb89a3eca1d7166ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit