hxxp://linuxhint[.]cc

Analysis

max time kernel
60s
max time network
59s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2023, 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://linuxhint.cc

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{53616C2A-731A-47E8-9E34-49B89E4F57B4}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{5D8E0013-8F81-4C70-97BB-7D6AA95030FA}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{4139E76E-10D5-4C16-B36F-F111204A0D25}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{33DA5BBE-0AC3-435C-B184-5C611C2B92B6}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1FB4DAD6-9986-48B3-99F1-0B6319BCA5E6}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B5B79F66-6B96-4985-B11D-5017E7D9AF2E}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{94FEEC36-3423-4170-8587-C4A093281018}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{8821BB1B-A763-4EF0-9187-C26B2DF17325}.catalogItem	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133328445184359687"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeCreatePagefilePrivilege	2796	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 464	2796	chrome.exe	82
PID 2796 wrote to memory of 464	2796	chrome.exe	82
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 1456	2796	chrome.exe	83
PID 2796 wrote to memory of 4416	2796	chrome.exe	84
PID 2796 wrote to memory of 4416	2796	chrome.exe	84
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85
PID 2796 wrote to memory of 3652	2796	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://linuxhint.cc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff849da9758,0x7ff849da9768,0x7ff849da9778
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4816 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4968 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5356 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5500 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=960 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5928 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5228 --field-trial-handle=1780,i,4788907769392114010,15526805897549820230,131072 /prefetch:8
  2⤵
  PID:2092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x240 0x478
1⤵
PID:2316

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:3612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
3db52941b8a8aa8aef0ac60e71c463bd

SHA1
43f16509836eb7ffa44787aba12a5875fa7f2f2c

SHA256
7adf439994e9a0a6e44d1be1a4734a2e90385ea14267224c9e82084de9f755a6

SHA512
d934ad3ac93c5629148e0a612969372f967d8a6b1613843b0e64533c7cb19ec9216799105d2afc5e67a359f8ebca08f352679d3e0a0876dbb10dd109246070f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f18d9ef43d5c3852cb86de8292f68ccf

SHA1
56245c504ef8ece8c250a8af66f30ad54dd0af14

SHA256
1c9029f682cba4df84a31de3216cc8b98c6393411b0bcac6e1c850dffe9d276f

SHA512
9eefaed3b14ecb59539661df54b4531b7852d818b9bca006b4695487f4e9c33228ff1ebcc8deef70172576462ba5a133b57a6349b2dc4378c9dc9a87ea0fac49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1de14fb7aa3f0c77c3fd320873b7f5b5

SHA1
7c836302e58bb747b8edbfe831b6f622cc391093

SHA256
65bb4e20634e7e3c8c177038f6c2189301b33e03c46a0147c5036583141b7691

SHA512
4a108488d684b48547666702f3ea2f18387fad48f4e51200b67e2b93c8ef95d61d96cc53a062d8dd357de4d24663f03228c001088ed79f15cc6a04c4c2cfb4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
658d068a4988015b71b8d5b313bc69e3

SHA1
cb4aa3f9450fce5602871ed23a7687f0306db4ac

SHA256
563003cf633b537356c68d5912f38f2f6007f918226785b86527e91ee22c2de4

SHA512
d08d40d7e1b2d3c7087b3fa1b28173b64b3f5844d05f9640fa838c0fdc39275ff292deaed096eac41ba24a1612a952dcc50dd3f0e6d67495aa2c4359cb80b75f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7508217f3933711fc0c85bb31f03e64d

SHA1
b0aefb95d4bd82c657320e5a7c9a64ece255fbe3

SHA256
719ebc26bab11805e7672920d37225b7992e5895ac68c5446e846bd62b4bd4e8

SHA512
e6387524a20cfa9b4584bcd287a3a8d5f742bc6e1ba5c9263b680b374f48638dfb02f23035814a6293bf1bf04c3d89d85d4e8999bc00b6ffd7a902da717e174c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a88c4681bae351408b4863850e25bba2

SHA1
0c28c9f20a0557e898a1a95c9cdf7b8a02049c2d

SHA256
f78056e534a2154cf0bd41039e68119f356504a51bd4683ff710ddf582028b2b

SHA512
1c52bfe0e54b43800b7be6baf36c2dcb4d56c520125eee88bb8c1ebefd7b766541ffdff58c351ae78951f28fbcc38df598f654478fd68a9dfe0b8c749f550773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b31c6f4c6397494aa682b0d35da92975

SHA1
41940c0c46f0679b7c4fab82fb7a5af3910f446b

SHA256
b58012177c2ccbb9aef177c4adfcb117bcf09bc141b75b16f6b6a989f60bad33

SHA512
572e3b6be45036d3d5e78000c5c504664a6d6c58a24ba76b58fd4dfce5f736f9584b571c18de01229d5014fdc18a5ff55f4005abc8df2eef5481e95c927cda13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
15233ede17e54f1f8f7bc917207032b1

SHA1
6a1a9ce5693ea7e3e713582914846c8e1a7c573b

SHA256
c3a5f5dbbc01b1848f4bbd0de8509a83120427054edced91c030051a82c66cc4

SHA512
df454426656df632963138ab3e0ce195f366c4ba1de19ecd31447858aee88f1245cb1de14561eb275d7357b67099bb79215a1cc3fe743ddff20358b4c3042e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
caaa791ae8da9e5bd9d478e42d599b0e

SHA1
8f35e2ef26a15ffd45f2c843cb70d9d830a0941e

SHA256
7fbe67220b90a2df5bdaff284cc44bf70b0ae70c618b193deff5afdb8f3e5d10

SHA512
604d4b1eeadcae34454bebf11c750c09bb7bb7af6b8b0d83d0b7a322a9e20dbfc994547ee1c863f7575653e01a04b9d5ebeb0d79c692cc518021867d2452e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
dcc90f2e10d5da6ed7b17a6554ef055c

SHA1
26355c73b473363493b6d8be0de670b4e1641c4f

SHA256
4e309c891cc1ea6262f61f81b6a47b53262c1cf49c877f90dd48d1fecd1981a3

SHA512
99cbd70f6e4e5bfb9fa2b475562ef99544b0b8c886911124a3eaf29546aeaf8886be75b41da8e662d4f04708ea2465e97c96743977835d5c2a608fd4ddbfba0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
d3cb43bcca48b99195ae98572a9b0c25

SHA1
392663fbc1ff9b0cd0d4f7329a124995f9fea678

SHA256
1f002fbcca6b52c79f0b517fa7e57eab2d3eb7057c1727a2aa3c67873be67107

SHA512
2ab0f63283aeeaba29b4853ad3082954ed027cb345a6f1998ef9c7d48a6af4be6f5a264650c71d7f9bbe3f4537db61fca71ca0f5e8b3153a62b55693ce086d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
1639fcccae9556cd8ebfdf046b65bfce

SHA1
26a58dd337bd4f3de4adcb00c25628a863a58183

SHA256
efff2dbd1a24ae57144c6936e03cbe0a7c61058cf53e1a07237dbcc8ed9f3f33

SHA512
7e7db4c5702d6cadc5c376ec47574d4d2c5960ffb71beb39308abc598c5adf405afe5b7396c4e0633c295509699b3c3758ca65c7de595384c55574283482c9c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57320c.TMP

Filesize
101KB

MD5
bb9a5a38f8606215696a848659acd73f

SHA1
5ae6ff3a84c3f794db5453e507422b76bac94f56

SHA256
3162ec62c4e164ab04484400a5b0788f45e55701ff4a87331e10fb7d996e8cb6

SHA512
cddbd9f44051d6a8af2e89031eb73747416eed7dfc918cf42e9cdf5ff7a97b40eb35d40b543eb22b0cfaf86ef22715060b84de832efa67c45e8ee4e0f6e8d356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit