hxxps://flvto[.]bz/tpxznkkju/x2-convert[.]php

Analysis

max time kernel
97s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2023, 16:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://flvto.bz/tpxznkkju/x2-convert.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
376	chrome.exe
376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe
Token: SeShutdownPrivilege	376	chrome.exe
Token: SeCreatePagefilePrivilege	376	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe
376	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 2152	376	chrome.exe	80
PID 376 wrote to memory of 2152	376	chrome.exe	80
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 4196	376	chrome.exe	82
PID 376 wrote to memory of 1996	376	chrome.exe	84
PID 376 wrote to memory of 1996	376	chrome.exe	84
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83
PID 376 wrote to memory of 4064	376	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://flvto.bz/tpxznkkju/x2-convert.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa70989758,0x7ffa70989768,0x7ffa70989778
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:2
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1776 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=912 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2716 --field-trial-handle=1880,i,11403650965997671995,773516834153414827,131072 /prefetch:1
  2⤵
  PID:1976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
d212977d1fb2b6ac7ef6e6e22c15f374

SHA1
a30aec8ddf5d1e1773b74bf7e9d57e1bb4b6a098

SHA256
4820196503dd70f63baed1c97f231504a0d9e46811d82ad78aaeae35c2e51e84

SHA512
6b7f2aeb79d227ca8b93d524ae195891ee8d1e0d92572ceb89a21c9bf2240ec569b469f30bf972bb950e0e7af51976d9c5f54ee4c631b810b177cb3d2a653c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5cd2be69158520d7aab9ccb8481293e1

SHA1
f0d2e9a898681a3f893e0c6822e41197d6a34937

SHA256
091f5a014b8953c2a718651388df2a57acc656a5e0789c80cb6e43b08be9910c

SHA512
f8d6960ef436d5cb194c589bf6b883e36a2617502c14637b88a4d8f77127329c3749654095d9456da34ecadb6fb31224c87f866a37312d76198fe6685d09e6c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7a36518a-ddc4-49ea-838d-921ca7495121.tmp

Filesize
1KB

MD5
1f97358f5aaa3cbb2820c1270a51c60d

SHA1
7aa17fe75e44c332e33d9ad17c437d88504f0fc5

SHA256
f1ed815aff144a79e0bf9cf188346877697215a69ac8569d9bbbcb520557338b

SHA512
349186162c247ee7fdb6d5e98266f7940f9d4b3f2544778fa7476e60f3e0893b1a975d6292e3a6fb777c9f09457e7468633f65f77b2e61d9c5cee11b3ad0694c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b13d1638315e13b947f20b953002df6d

SHA1
cb84a0f2a5485a7acf8c3ac915e9e0bfaf6a0f5c

SHA256
c15046c28a54ffc0e6e9f59a3e19b602c90fe14464bf5a5f6c62e5166497b323

SHA512
64cfa247c370107613f8a190a0c74c980d7004dbe937f1f72785b009d3df28ee3b1ac9e54b44725b15ae7eb9239576ebda9fd1ee8ecdb6e92dab8583ea0ece40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
677ac69da4cb50b39109a92174e64d74

SHA1
e9f9fae89ec50ae02e867102c93f3bf3334752c6

SHA256
915f26f0c244214050f329b067863d795850ca2eceb477f528126b643d7aaf98

SHA512
df65c0605394fd45566f4fdebc0234f199152a37e426329430ac5c7ce0909144d3cc745dc41fdd1735d70286d772d56e51d7491a6b3772d1903defd4c0dac23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
9f7bfbf6501c78598c4e1fd1e4ffebe3

SHA1
90f4a45cb4157348bde305c9b7fb700976a438eb

SHA256
74d185272fcd50e6ba875e749ae19003bdf87889ea38a8d1a31048c92ea89e98

SHA512
ae594af4e485a4168c9fc5cf6af75e1ad7e9eee0759adef86f0e7eb944a6430c0e62b368c1ed4bdd0bf7ae9e7b880b5d7736f758d0083b431d674167f10c2f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
d2d08a02ac023ea3c0e71a786f94a1be

SHA1
ccfcb9a9a75d6f2b93fcb41224a032de742eee56

SHA256
7c90eca684d86875c30cf7af82dd08d9812dd1802fdfa871e628c0ae6396ff30

SHA512
4de014fea99f9f983d15f325018f0c3d9c033861a5c8b902e8e7b9c026d5e541884f5e50cce4f3bca21b9fb36e1d960ef25ee6c497371c261d295ca6d11933be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b9dbfca9b5979f697ffe9bf004e7fbb

SHA1
11b4eed0556070da1138bd0e9d7df5ac25aef474

SHA256
9234098bd37d2b00b30f320bf0f5e637247bb1da1ec1af7a47f1323b998b62c6

SHA512
3d52bdb3e9b8bb54e1786d4052e39a8406c6e875452c578bd860cd8cb446442f9254833a32d09ea8b393523acadccc0674e7f41e6b07a17f7e12e37db5ab20f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
174fb5976d2933e70c3006fa9c9f75cf

SHA1
4783e584f069fca6946c1968963d6d1f9db4aa32

SHA256
a03c543a1567c693f3b65f27dabd53eebdcb57502d0bd50dc512f7d4faf6964c

SHA512
679a0fde9900698dd6f0a55aa91233cadf02dd46b31568ee0a1dc5d8d56de86f6ff25a0a5ed751fb1d1a86adf5d7f308025928ccf3a059fde52ef4aecb13fcd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bee664b127725b502bc656102b8d8ff5

SHA1
d19b61d7f870572d698959af10807ee9e1281a85

SHA256
ebd1cd2f50ef6e60d234fe9f241bbd2644a13da45db2fbc173bbfd509da83327

SHA512
d4d071457eb63509ae149c20375b675db306b8256c06629410e93cb2ea4d93e509c16b52f77d331eab6775ab5eeefaac116d185e018dee39cfadea58cf780049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
77a9a8e3ecde96d6d0bfc387bd558bf7

SHA1
64dd54ee083cb305b571c7d729f771c67e54f417

SHA256
1e7aebd214bd416db78c6ff6750c36807fa79231463d45655d8b1eccdf951b27

SHA512
89a80be474a51a8aeacdedd1b67156dfe1082b34e112c4c9a0cd275ccd4436922e6ba6f2471264f64ea570f107562ea867e9e9dea6193f62d25655d378f8646b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cabb1756631975f8effa09881e6adfff

SHA1
a92ddcfed205970b28d807129765e5b8be306db3

SHA256
9896337ac52ea7d78e4238e295077870bf998414a2ef6159676fc182253a7168

SHA512
aaab4a0a977163e8373216d7792d97d4e2cb67729b85bab87f7f955c323aa0dc4591f825ebf645f2262dbea961a86c5e7f70f4fc99eeac12f31c41f58b5f9324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
70cf974cd2b549cc818ed246905e5241

SHA1
2e609a5c0345a781544c0ddd3eae6412a7007fbc

SHA256
c0f960b240ea2721cdb20167c1aeeaa02c4d3881746eea10a8e393256b0b5fee

SHA512
8bfbe954ad4ac73de29cc8a7bd33e2ba1a5d1c01c92bfd144d556b35791506bd8f29c0d7f1a30304472712e0729855501398bdb318aba7c32191ce56f5a789e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5c8441f226541cbe1e65d837c1abae58

SHA1
3c97e9ac3f8612805844d08ce5ba393e6a737b9a

SHA256
6750ce10636e697e77369a3366dd8df4539c47e72e9c190760f0d2427df58430

SHA512
40012c3f0e49587c1cf08db5f7734060915fd2c4e8f80540e25a9a827cdd3e3faa1977777a76ccbd48d78d29b62b2788ff508196a6e95ccb64a570996686a891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
8119c6e3065b8d3374b43e3fdc2272e2

SHA1
6190dd003183440d52d713a43b8b72f4b7a16b28

SHA256
e155afb88f1129fad18653b59b7b0e3c75572dbb5d182744ac81e49d40bbbb12

SHA512
66f709653c5e1c535917a2551228817685146f47a01532552086b87a059c87d3d7ee790e27f0d2eadb9e8cf617e70796add61e8bf4a52b8b79826606bc777817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
867fdab02d31f94b7a29592491ebd1c6

SHA1
812861824fe311fdc46436bf302be967be21deba

SHA256
48a73e7b456aaa5d118c16d456d00f8c2b9c9e6abe64fc2642ff1d6c5d16fad7

SHA512
49f2d4e0ba9c381c3e50626af32d3c3984a0508df903efc7aac1ad7b448c1dda06a000ce8d52bec258715931d9824f8c3abed508f465a9c382d12f7d34bc83d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
41e099c56e0667eb3e801e57c96f56c5

SHA1
ab9a9ff71d3dd2e261dc36eda44b878e104af40e

SHA256
1a33d1a1514367b5c544e9de5f873e50a5d3765e93b6a50380eb83829362b302

SHA512
31f5b6a02de5dde6593e0c0dbf7e48f28755cff0d802195ac27b50641bf19e6ab0e6b4af93e45ba73d266362b5572595890a1b2754f641cea82de2c71b6c36cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit