hxxps://precisecomfort-my[.]sharepoint[.]com[:]443/[:]o[:]/g/personal/kbailey_precise-comfort_com/EuOwaZPRdwhDsQxoo30xZLQBJafphgDa9vtbweJPRSiI5g?e=5%3aevYHHw&at=9

Resubmissions

06/06/2023, 13:38

230606-qxsyxaed7z 1

06/06/2023, 13:26

230606-qph4qsdh22 1

Analysis

max time kernel
300s
max time network
302s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
06/06/2023, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://precisecomfort-my.sharepoint.com:443/:o:/g/personal/kbailey_precise-comfort_com/EuOwaZPRdwhDsQxoo30xZLQBJafphgDa9vtbweJPRSiI5g?e=5%3aevYHHw&at=9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133305315805481400"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
284	chrome.exe
284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe
Token: SeShutdownPrivilege	2468	chrome.exe
Token: SeCreatePagefilePrivilege	2468	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe
2468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2456	2468	chrome.exe	66
PID 2468 wrote to memory of 2456	2468	chrome.exe	66
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4140	2468	chrome.exe	69
PID 2468 wrote to memory of 4116	2468	chrome.exe	68
PID 2468 wrote to memory of 4116	2468	chrome.exe	68
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70
PID 2468 wrote to memory of 4644	2468	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://precisecomfort-my.sharepoint.com:443/:o:/g/personal/kbailey_precise-comfort_com/EuOwaZPRdwhDsQxoo30xZLQBJafphgDa9vtbweJPRSiI5g?e=5%3aevYHHw&at=9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa03d49758,0x7ffa03d49768,0x7ffa03d49778
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:2
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4236 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5052 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5128 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5420 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1892,i,6480149696386751288,12428370690233350362,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b9a0f638c15dd55e8095300ed58fe81b

SHA1
a094f84fd7abe6d2d5a96a93ea22ba00221b47a5

SHA256
ad264dd153b22c1b293bb31b8d339534beceff7db7e92e83424affc0d4a1d32c

SHA512
cc8881d468d0c9330a5451a3ed1e983c4cf1ac0e2ead994924032ad8e9b02ff16e3c5c1a9687d8cdde50e3ddf1bc89037f4cc0e89b4f7ac5eb5c4ad6239f33ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
876211df531e175aee59e3fb21b23601

SHA1
0391bf9e4058a87515fd1a8c49dafb8671992bb8

SHA256
2cae019f10ef57f7150b74bd5949c91b6e4f276eda8fdb802b0d6342248c5bae

SHA512
c10ad19d4834fdc755455795e61d51d5460ec98d28d209e0d32776283bf0afef020cd4d03f7491ed21068e8add3052240b47d56968d27d86fa60d7254a6c7e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
980229310d8ac6500073237b9b0d4a09

SHA1
435962f020742058f6dafb5b0e9cdc47f81386e1

SHA256
4f3b52f3d6d24899c4047504e4548eeb4534d5f9f7ebba4887208711428f7aea

SHA512
ae61d2b4873267fb36cdc27af6b06eddce4224b6c7bfa0ff14b06edd13f7ed7189846951e47e7eb9cf2ba2739ea6e68a7382c695f236e8a131577c54b14d795a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d01af39c4d393cfd095b27354ac53432

SHA1
633ff824af2047f3000b32d369c29dd744219f50

SHA256
9856c334e259bec34bfa7ef048abaf1197223a10254ecedd53eb45b5920b189e

SHA512
3ace886c43bfe74802643a0cea5bc6770cb1eb95d066fabd351bce3d05a74c6dd51ed59e395642aa42af7e95c7b98066a1aad1cb7dd45a223c90638d63db5e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5d5029299c712049582bfbe6241e8a0a

SHA1
38da5511066654ca29f1b327952153d26d8bf91c

SHA256
ffeec7a2f7bc7269f3f35006be62a88fc4fb9ee519a4ec37ed6f4e75756d10ab

SHA512
2015e5729350a42356d089035bd733717337489832f64141f59e301d18b0661a945dac4e7d37b540de2ee3872c9d649499615c73c129a98df17caa39aabf161b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
02ce0b94ee51785788a2a859e7309c39

SHA1
c2207eb9b2ffae4ca2093a9c77f88878c2391d80

SHA256
21094dce28ea054f3b5a5878174d244bba2cdee704cd113994310cdcb108123e

SHA512
c3254b3f3417112fddeb450db58e2c936223fa92f83a6ec9f9c708a6d1214b62d8cda981bbc4d3e7689fbaa3d2b1163585667c0f55ea85c5499b7c9572bc68d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b030ac79fae3f92d9684a6400bcb9cd1

SHA1
e6d9a143e7a8094fc2e9d97c2e2ffda036503efa

SHA256
fb05e29b84d30a1ad6561d520ba005048d4b4d3c9aca9624294c9c4bcbd1b151

SHA512
ac17692eb45c31c68480a0453f10571f5c507149df4b63535c5d9a369b981f1d75323c369423f5fe258a20e4345ea908a560c32072b80237f070b8674326ddcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b0641ba50af98ceb9e514115de0ec4c8

SHA1
25c1313146bdf6e73c749996ceeeb84aad258ac4

SHA256
404a2932caed0a726e34d51fd08183901b3cd09c06824bfaee402c59819d085a

SHA512
b06fb1afc35825b026244e7ea32a700af5748a9eb36eb427dddb8a3d47efad28f35443ce7d299b62d2f0800421a916b66ad88e5d4c3c04dc6b8a878aeffc8c7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fd733613b05696d01b6788484a9564e9

SHA1
cb52fcf7066a84b638f1fe4323bb2c155b3ef4ed

SHA256
d9925db80c27e80b3c32c385af157d5061bbd0545349c3232300784b88d5cdfa

SHA512
74cfeb91009a2b2d3c37a2a02e1d66a31f54b6e9e93439cf2305c41a89dcc8d586b38ce956ccce4e0b1632fe6d114ad38a0432d5007ad63fcb560bafc100f07d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6d941cdb47f0028760e582076471125d

SHA1
fc2775b0a8e0215f669928503a8aecbe6b75ac1d

SHA256
17013f11dca65914972ffa16ecd9aa678a5162f7b8f479f7d95c3066bd4fa59c

SHA512
288241dc23e3678d2753330a2ef906518bbb10d0a58a0a079b792dc0433f238c3a1ec010f39ea3d2471b041181ed8437df8a471a3b67ad5b4cd90b0029391e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
021127d34b5aacee34c156b11a7d7a7a

SHA1
2f5cb22b8557d9f772cc9ccfedd13f2f706edc8d

SHA256
6bf251ceb3d510b50fe21c6c4ea967075f9515458cfae268d03f9ad81e1302b4

SHA512
4b258334478c1adde3fb3a39bad09b3f9e38341792b8cdc8711464a61f3ba50abd238e96e212dccf27d7423791a3af335c12969146d44fce5f924c359819753a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
877d298c306b09d792a641748a2a68e7

SHA1
3dfd926a173b6b5df717994425df9061574c2352

SHA256
98b67b65cfaaecb619956004a9c370c82def90ab0108b8d75cfc75877d94ef44

SHA512
ac36b5c795c0968a4dd3a96ba70af0e6310bdb1c16262e18f3e55fb6062397ccc92b2749ee765e60b55af805b52b2ee1704bd117829ed260a586457b0b0b2602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b9edd1584617d86f3bcf8d693defd73a

SHA1
b6ba7f85d2f679f5a3800068a6371d5745cfae5d

SHA256
5d0bae6c50a33e24897dbe362e068c5a0909a8d43365f51a67b45e9e6ee1bb36

SHA512
d124c13933b3c32ae60506a93c3290c46e8dc0062450336842cc48cd1fb390d562a88fa8799c6a9a09f2a86534a769654525a8ef8112eb16061fc7702be698ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
eb90cc269e0f64169c20d980742b78dc

SHA1
0d162fa4ce5aa503811e519188308f507763e34a

SHA256
6bdc05dbdf4a36c700c3afa41089884a8cad91de19548459d4c8af06e1bc21b0

SHA512
23d3fa509fe81e13d5c70b6ab78cf2473fc6f73d7be9ef51f67721c1dd5493f26c837651349523a795af26b0b488fe63051d706931998fa6b2bd03bf1990e72b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
345be6d70a89f51a2d876faa6f9ad053

SHA1
3713ec79f323468c0324826ed896873d40615bf7

SHA256
2fc9e4a17e2fe188a6d81d3b07a65274b18ede931c952d696b6d1f4ee927caf7

SHA512
0c29daa73d094f6f266aa93bf9e55b5b86abac3a1cec0d95c33473e7711cf31fa0de252ea40cba6603dfc2114994821e2601fd090967e1d2a000579331353f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit