hxxps://aidaforparents[.]com/CL0/https[:]%2F%2Faidaforparents[.]com%2Fdashboard%2Fcare-facility%2Fset-filter-and-redirect-to-dashboard%3FfilterValue=147-665-883%26filterType=patient_aida_id/1/0101018930f59933-224b34dc-12e0-4ee1-8872-df7c76087312-000000/WsQgNJhSO6gpsyiAEAnCXFARkYe_WuA2XzQ_iuqh-Ts=308

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2023, 02:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://aidaforparents.com/CL0/https:%2F%2Faidaforparents.com%2Fdashboard%2Fcare-facility%2Fset-filter-and-redirect-to-dashboard%3FfilterValue=147-665-883%26filterType=patient_aida_id/1/0101018930f59933-224b34dc-12e0-4ee1-8872-df7c76087312-000000/WsQgNJhSO6gpsyiAEAnCXFARkYe_WuA2XzQ_iuqh-Ts=308

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133332557625951274"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1292	chrome.exe
1292	chrome.exe
3228	chrome.exe
3228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1292	chrome.exe
1292	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: 33	2400	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2400	AUDIODG.EXE
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe
Token: SeShutdownPrivilege	1292	chrome.exe
Token: SeCreatePagefilePrivilege	1292	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe
1292	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 4696	1292	chrome.exe	27
PID 1292 wrote to memory of 4696	1292	chrome.exe	27
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 2784	1292	chrome.exe	87
PID 1292 wrote to memory of 3792	1292	chrome.exe	88
PID 1292 wrote to memory of 3792	1292	chrome.exe	88
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89
PID 1292 wrote to memory of 1992	1292	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://aidaforparents.com/CL0/https:%2F%2Faidaforparents.com%2Fdashboard%2Fcare-facility%2Fset-filter-and-redirect-to-dashboard%3FfilterValue=147-665-883%26filterType=patient_aida_id/1/0101018930f59933-224b34dc-12e0-4ee1-8872-df7c76087312-000000/WsQgNJhSO6gpsyiAEAnCXFARkYe_WuA2XzQ_iuqh-Ts=308
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c6039758,0x7ff9c6039768,0x7ff9c6039778
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1872,i,8943189962342291477,9247042975547467138,131072 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1872,i,8943189962342291477,9247042975547467138,131072 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1872,i,8943189962342291477,9247042975547467138,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1872,i,8943189962342291477,9247042975547467138,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1872,i,8943189962342291477,9247042975547467138,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1872,i,8943189962342291477,9247042975547467138,131072 /prefetch:8
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5416 --field-trial-handle=1872,i,8943189962342291477,9247042975547467138,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1872,i,8943189962342291477,9247042975547467138,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 --field-trial-handle=1872,i,8943189962342291477,9247042975547467138,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x3e0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
fe0feb9fb6074b1483ac199a3c330c7c

SHA1
1b71fac96dc07019f14fa6f900e34d73b88e4890

SHA256
7de5f8b0025e3359b43e0b953e5f87d5040ddc88ac10ebf47cc32e3abb75d72a

SHA512
c33fec2df448403556a50ffe20de70642480686171b6dd9395f1469c8ecb865db429d9fb60ecb22b5f7919737a727b1f4766b060699aaca4962ff491aaf47558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
962d787acf43288f185fe23ffdf108bb

SHA1
5b7f5177a0502ddb3130e11b178dcbedd90494a9

SHA256
ddc234b56d98adb4a79f4c890a352fb4253739d5151d387c3c159e23692dd0bc

SHA512
e766191e550f90885c991dc631e206468283b921142f21fe5ade957d0cb761b0918f03e2ae12916c999353f5a8cdee8fbe3bc14e8dcbd404756a180bd8eba100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
24e4fb818874099e5701b796281f521b

SHA1
03365e21861a97403c393bb9efcddbaf11eabc09

SHA256
e2e8236c9e6c2b2e50bfe3e83fa0bcd298f9583f541d3bfac07482da36bcdf76

SHA512
67ed3adae21db029ebafe1fdb344a546480a8ca2574dbd2f2c3b0f2019c2d9ef4d8796eaf461ad192de1b063541bb1099c74ea30381417371fd5545738f6cca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1f7e83845a5c4151cbfcbdcce0867fc2

SHA1
b326b025fcb2ce18e19b4ea618413d28655f4ea3

SHA256
20ceb7d93f196e8e6258b899064c1c76bcaf4cdf63482b6613ae5339899b87d0

SHA512
034c06226f66d75ef6b89b717f35428a425bcbabd14ceda7c378eb9beb8376ec655f78e78bf7fc8da46b665a5087e2971f0064330a4dd021505eceb5b5f16867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e5080b6389deedbfdfaf3df7694c8408

SHA1
40c979ed9c3a7d32aeeb90e72ca76562b8fa0c21

SHA256
a8478ce811a00036d9cb2a70af4d31a5d3b10e820e5123c8c85b74fe09d10f69

SHA512
e52edf4a3a08975876bba15197112be84ec6fa50e5dd4587f9336ce8ea622f23cac269043a01405dd9742794bec2a384d51968a2acbc8448913f423b5b6aaf81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9349b15d2336315df73f6f80e3ef2888

SHA1
dd448610ed740b5c5f63e7a59d40d6f418410149

SHA256
7136a057f42e4012e263279ff5f93ca09f2d25d3962266cce099c89718010dea

SHA512
da3822b760b37b136a71cc9e41344b34d473df99b4549b76991c2425318c10cb14155795ff89b7943a58fca42f84dbd3c30a8bb297c801c1bd37208e9a973128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2011c880f825966638c056ed1d79ec31

SHA1
f84acbf206c61815816490cd0a8d2a7afb612450

SHA256
7098f550507311bc4101009b149bdbc51f8cf39b6ef559092de267b2f7c92e60

SHA512
d92d4f472d7b89514452ce08475591ee5688478bcedd9d5d960ce3c19e6536f15817897545e84594a8098a27a2b7bd88f6ee5082b1274ae22d88940d30e20e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e546c716ca847991960eabe3458fb461

SHA1
71accdd9e5e7db82cd91a69a5a47a2ce53ee726b

SHA256
b99ed81f267f01587995593d08eed4b65132e6f5de454c0b26c1c5736f56fbeb

SHA512
0ca54fa42f0d1b012e013302efd3aa61b5ed149b07dc7d36cf71c84efb1e7c2c6352ff3350980b69e8930fc95b901e7c08b1223e41b85db9e8e0b6bdc53b5968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
033bb66a08876ea34ddb2282f702ece1

SHA1
b96f603af3bfc6c23e77ee5abeaac76273387ed2

SHA256
170a4796f6fc96d64b7abe53ccf1c4fae75b96746e39402b8be3f02257ae83ee

SHA512
b795d69f2bbab40647fe02b36017dd20168272f294302ad04c7e8128eab9168ab87eae6c6f3bd17099364da6addff6a12f2171c4cbc06c6db831e30acb7fb27a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6e096687b8bc1fc14946c0e9d3ba0bff

SHA1
1d2c7e869e299b699d01b384ce14cc735499ccdc

SHA256
cd9b683d2012480567124125fe06b206758a9a117e5c71c4d81037b3062add48

SHA512
dfcc4aee6d6fe1f325fdf44af7fa8517102a65721ca48f17c9bbd6e4db95ed1ba20632c2439980a1cc48382be1ea4731dcc4fe1b7a00447220067f89c474c36f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4eedceb54c6970229241c4add22a3c2b

SHA1
af558d28eff83ce5c81730e95859c3f24a1b6215

SHA256
a4b93a9016a30dc4338089fc7bf60073ba735fe79a9855699c12d352f732a0ac

SHA512
31c93263332de459e1b783e85f7b76468f281c7d7a6135509b39bf6312082381f2e1ef0b21d60706e798f189923be0496fcd64b58fb48b2feb6b303c54849fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
00b05cdcab4487f1ccd67e6448275168

SHA1
4adf01bd88594117b47e68f470fdd58ebc1cc8d1

SHA256
040eb2944166c59b523b3f7595aa23a81b7fceb5dd37b8011456ad1bd31667dc

SHA512
6e245d4a1f07939c1de214c36ced1306ee7a643e0953f46a4f57c0df937e9b74470211e4613e9da0c17d888086bf4e8aa9d125c0f968faa693613a318e6913e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ae5ecb5e8318a66c35517ea952252a9a

SHA1
9c52ee891b3e4f76cd0b0290985d39a5ffb899e8

SHA256
0f1a3c4fe3b3718a298a1c49729cb3e784688bbdf1ad8d97cbf65b84a05656cc

SHA512
b055c57ee568d928bab26211762175e00270c1ad569d0eb777341ac8450ed1fbdd2a6c6f1ec9c0598f3e7ae1e7a6c92b0b86b177ec6af2de977dae4e66584b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
18eadf3ebc6f701deffbda65ebea1f59

SHA1
2bbc618cb3ef6a95cc2c8503b2a9100fff90400a

SHA256
5b654243fa066a129ded7b833605692ab5ad976b98849eafbef22c48e9e229a3

SHA512
cd9461636ef7e7b48e64bda4ed09bcb66d818ca1ce72a662ede9565ca7b96582a59c028e33bd0d5d95bc28ea5149ac79ed4a7fb0bab8008d0cf60c049f9a8a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit