hxxps://www[.]google[.]com/amp/s/dvdcdduplicators[.]com%2Fpn%2Fflmswwmb%2F%2F%2Fcasey[.]theriot@expresspros[.]com

Resubmissions

12/07/2023, 18:34

230712-w7yvssfd3w 8

12/07/2023, 18:27

230712-w3xryafc9z 8

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2023, 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/amp/s/dvdcdduplicators.com%2Fpn%2Fflmswwmb%2F%2F%[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133336600556378512"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
392	chrome.exe
392	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 3888	4980	chrome.exe	75
PID 4980 wrote to memory of 3888	4980	chrome.exe	75
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 692	4980	chrome.exe	87
PID 4980 wrote to memory of 4480	4980	chrome.exe	89
PID 4980 wrote to memory of 4480	4980	chrome.exe	89
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88
PID 4980 wrote to memory of 3808	4980	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.google.com/amp/s/dvdcdduplicators.com%2Fpn%2Fflmswwmb%2F%2F%[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe3e49758,0x7fffe3e49768,0x7fffe3e49778
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:2
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3088 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5256 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5064 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3064 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5348 --field-trial-handle=1892,i,14896253249981994935,6125075446124164937,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
6c238fc421dbdfe2557733b7c06e9bda

SHA1
1bd30b0f55c764577fd3b1b0a870b0a38f1a8e13

SHA256
7f2c0d81336a36bb1dca746627f650266d19be4aaa9881b8372bcb03fdc17d42

SHA512
2fb2190a053cc308d1215035aa229597e3471d6e93062ca47aa277b148ac298a01e31dcf91243348655838169b9de5a89b5201cae22452386bcb59c97574a0ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
605e63da51e32768b7c72bdde7918b59

SHA1
7ef123bfbd8c99d3e1a1d94b99d137563baa3031

SHA256
c36a8a0ed5ee4f8f16518acd901020b0485edfdfbf57a60c161da94d56d1bc7c

SHA512
325ab85c3da84e1bac017b1eb90a3c567c5d96f8172de52510f718c8059a42ff7a30c61d740a7cdb6925b234649a2fb866287a0c0abb098a3142529a7e82310a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a808fb4614b5e78230950bc86d26bcfa

SHA1
c93c9deb12ed439218ade37aeb175d02bdd4e2dd

SHA256
6669a9f8463d788f8e77b4cbcf9de4967bdf0c892f36ec5cb0214cc2def9c0e3

SHA512
fc74d3470a90ffd4dd4c0ad178b9c5dcfedd89c8963bc6546823e12fc347f539c4c53eea07f10acd32567c3a6dfedaf9e984d4ae53466a4645830177669f6c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
25246506a07b5a6a65fe1bb8cd28b02a

SHA1
100d80673cb41b1e04fc80b098d1603314de559d

SHA256
e3be98bc32917a2410abdef31401fe2788312b723f151ed12406431a5749f786

SHA512
444493e0e58b8aefefddb2e206d7b7ded9c9199d8b917e996ec021047587479ba0266df637fcfb3971eb3e9742bc36d7d4e80f8679fb18504377ce88b3ec0b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
20d460a623478486a65ea1726e1c66ce

SHA1
705922f08ae330af8bf97988b3af9da33c5c0f8e

SHA256
792848a55c16d02866a0103738f5e2684508c044f439d86ae52a5c2f113a92e0

SHA512
0c80046d25e6a435a24b8caad5c403228e6c9d4c0f73529c5a7673291acb0b1e7100f3bcb6659754969ce16ab3812c227bf1ef82d6790fb8349669c29b697195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
add782232b227c482184ddb9784cd383

SHA1
e6e4210eac7436b0d5639d7989c1fe0e0c233cb0

SHA256
752b7804f9af243f4d17666af7383226772fa0bf0c5462a5f46bbcf429833b77

SHA512
d5a0a869592a5cb3653db139e073c830410c49219e0a373ba12e952b81d574b3fa49a8883797305a0164cfba584e2de8a9dee3b5901d632a3af2dbe59fc14392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3061c8d42be6d1181f616b998414e46c

SHA1
cff5f379726db7c1219fb41289047b8510bd5a4c

SHA256
481df548f7a7c5033c49d06026b2daa5869accd4b6e8cc115d8b2ebd0ab1017f

SHA512
008eb7a419a566767cfc4aef10e0d7a5e9e4eebee07ac8d481fc748f26beaa56757bbaa22f8f3c4920556370c2086c899134c82db63ce3652b03df62f1cc1495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1cd4e560e909a2781bbdbfddca99aed0

SHA1
aabed7ca43a60ca6dd1676bb43e7636a674d7ad6

SHA256
865cb66f24811bd7f5dd4d17b248ac8acd7bed576de1db789ad766d1c8a5eb5e

SHA512
d0fea88d7dbc39ed5375cd10b47a5ffa2545a8a71d0af8d5bb8eab116d6276af14c5ed9bcc1fa915f2efb35d04771db6d1b86a671909e3289b7ad69bb06fe21e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
82ef9d4635a9cd6106221b3ebb69a62f

SHA1
ebd2cd292529c7c58897e3052019828f5c248588

SHA256
ffc1344aee5798b293d3f515db1beb84b66c259701d41b768b5cbddb1e99d9e2

SHA512
23e60a891f9895959692244e556696bb120c3e5cbc242602abaaa033a84b6196f6935ac0482648e9a19cc6110e35a54dec963a99576f01e245fdbe38a063723f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7f624204e18c7f66002868773f152a89

SHA1
cba9dc8b54ad9dafdb610e183d98ba1528822feb

SHA256
1d46f6a8c81191cc79c7110125cd5f1d6620e9dc14a063f2bbc52c4667768b7c

SHA512
0c8e0e95f430530e43be30de152ee6cd22fdc191e44887d7ce11fa6196185eb34983e9bdcb9157348e8d823c20ebf51b0d81f51cf60f7dd0e6c6b00474e1cbd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
17d535e4fd74205bc26b293ac84ae131

SHA1
49c5656255081cf128944f9b68ee7864a48dd235

SHA256
e3914c497be05de695d210fb024e8f36fac42b58a97904b1d53669dca4daf3a0

SHA512
4be6eb9152f2a87666fab5349c30ea8de8a209c0be1fc91771f317f9d5d175d4eadc2d428c69b935a6a49dd1059722dfd80093891bb4fad6fd50ba8871aba68f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3c2251fc948b09a677a26b7e1aa91f4f

SHA1
8b4097e8bc7604739c04b095fff7ddb055e42fc7

SHA256
5a4f404b89bbd62e12cf86bdf62a40aa6973630a21a35f40049923df1aa86905

SHA512
8862725a3daa5a8373cf9b08eb79e1515e3a0972d9918a9ff1005476ec86f730014ea84d2db1b00ccc2ec29b38be7b57b627801c8ab07e076abcd9c441a363d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1c08e9c931c928e96b64b5dc8fbd6459

SHA1
a464cb5d996204a6c8ad01d90e6f58a2c5b462cd

SHA256
c1f0c99d01f915789b3238647c2f8de9dae62f91024950b263b34dfa9733704a

SHA512
0e21437ad041649081a8b6f7eb601c46ab36b9cea555ffbee8ced0ec9ab5de0d6cef8c4b30b3e36744229c16d7234ef28bb2cdf12f879358bb483caf426ba49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
c4f64d0a5ec3d81449782bd9dc431838

SHA1
6f35a6d5fdae4d8365e854a53dc7757abfabb663

SHA256
d61d320be4cdb7ca611ce4b1a3d22d4f3ece9a2805ff7a60cb5349032a054e97

SHA512
9870ad176dbd5c99a6c8346a04a14b6766882a03fecddef63165339ef85b76c53628d920d925b9befc290c38b06c681e6799c6a21f73c86b9bfdcf61357aaf6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit