hxxps://auprivatehealthinsurance[.]info/au/

Analysis

max time kernel
601s
max time network
594s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2023, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://auprivatehealthinsurance.info/au/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133382649606987510"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
528	chrome.exe
528	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 3676	4984	chrome.exe	37
PID 4984 wrote to memory of 3676	4984	chrome.exe	37
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 3784	4984	chrome.exe	88
PID 4984 wrote to memory of 4032	4984	chrome.exe	90
PID 4984 wrote to memory of 4032	4984	chrome.exe	90
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89
PID 4984 wrote to memory of 4512	4984	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://auprivatehealthinsurance.info/au/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd215c9758,0x7ffd215c9768,0x7ffd215c9778
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:2
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2172 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3960 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5376 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 --field-trial-handle=1884,i,6512023742050161575,11849600500455898628,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\56379de9-1434-45f8-b386-c7e9566aa5f8.tmp

Filesize
6KB

MD5
06ea3053706a4a4a81111e9e95a8945b

SHA1
16396689d5e71a64df83abb971f3414ff81c7fd6

SHA256
10afdb3206894daa738a863c510a35ab0f1cb9dfda79d080305dddea605c2ab3

SHA512
318131dbc9bb939cad684ea4d74f21d26b7392ae1dd151205e01752a3ba151515b6187c27912e169b7dd15e36cf8600090537cc4664d541ab03efad59fb693bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
fd4da7de2bf269f84e6707351aa8ad59

SHA1
4b4a8b41ccb6aadf67b2ab75a8bf3c521e650d1d

SHA256
c33795361f8d00bcfd92f64ca53dcf516b26a5530e455e84310cc481fef6cbf0

SHA512
4a10afdb2f18eda0ddebd0bef055014bd32742eaa0e61155bfed13f2288900e9fc1cb779b8bd7acbfe6a5c3a1c2650e5b512dc3803edec365f505fadea0e011d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4419e1c0aab81cd88c5d7db4fd4b9d31

SHA1
3c99e7995ae98d434527d53f2e328ce42dd8bcdc

SHA256
1201468e133ee068fc6fe994f1a0805cfe8ca4f5ca4b4862e2086e2b43787587

SHA512
7739623623da2e504cd7c5483bc0868a7346ea55499156eaae73523b277f144aaf2f1cd7187d88737ae50f68f22b2add36ab5c874948c48d1e07e215b8a5897e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1f0a058e2c03ade0b01cc98970e3b908

SHA1
161e6b74bb58bbd2c41c2ae17c0a8a34a8a5e340

SHA256
8c9f1c0b43aefe0b4affbbe217317291fd66cfd5de32813283ea4a04611208f0

SHA512
712af6a7acc6231857a17aa97db17549da87a546425ad3fbceadcea96cae28853e82f347fa848370782c4f0181b0e9b8ac9092d26b3e8d78ba8cbfdf791a9c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
755471aa8fac95aa92fcba5c34597198

SHA1
d673aa809b440b56785436743174cb6282774fed

SHA256
fe3a8cfe2d8bfa402e8a1860b9bcc52e30e73c4c7aec048443d98ddc68917dfd

SHA512
8887a314909966f2b4cfa4d9baaa437f8cb9c83d90129100c0c5b03cac2ee125d24e1eadb14cfeb8d06c13aa4251cfa6bad12cf2c78f069322ba55d561d2cf32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
25dd7daa610249fc480d991efa147780

SHA1
9411d275c4cf0040f01ba752b98a905d801b98c0

SHA256
1f4b9209a6543c1b121832b1244897e734d1485ab8025803584b4808184280a4

SHA512
b11f6b8d7aee564d83970102bd6c8c6d672cb65838b264aaa8182f452cd13c9e04340a3e1cd9e0bd3eae0b608fc696c9b00ae6c854cdedc638431adfc1244923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
643041ec0b9330ea96da2b1142a89ca4

SHA1
80567644cb79895d8ad30ec99eddd19330de1653

SHA256
df972026faa7edc1d3216920b60ca328af2cffe4cda88b50342e11818836b4b2

SHA512
5e4cba9c20e084cce5b3337dfa049fc65de2d7c00948c1fb628a9059a74c6edac298ce02f310c2c7335f11017435a8dd7dfe30d29ef3d6bf6f82281a997345d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4806226fea3cb9ec1bf53ff5f0cff314

SHA1
d7884f175d42ccac181e1bae9f7e65c105538aac

SHA256
acc0640ca0d50a0192001f2a7b577fa5f79bea2f9a73ff94f4b150519b3463d5

SHA512
47566441e7cf74296f37de3c02522c5abce3781cdfd6420bd4709a6179df96316baa40540365b38ac37e3237433908e01c0b2db0f1e2939c1e87c36045ac0578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8b3325bd6c4ed1fc1690ba173c4ef227

SHA1
b2a58e37bb049407c6aa47eb926e1a674773fd6e

SHA256
234efa7b97c450f488e873a98af7e632ecf4b23ff94eff11fa42799496e3ac0c

SHA512
982bff2650fd2d457e65eb7d7ce80eee0dacacbaf6ddac5ee1463cab6e7265fee1f68d04962d94e1cfc27d3e3dc2f2a78ae559dc96f04ddbc4c812bdff328dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
b31a561655e9fc9ec72acd55c13e4f46

SHA1
88c13b1b2569fa5bb0f179c8232e6bcc05637377

SHA256
342e96c6306d5c47aebf7c1ada055e228fb2cc9e403715f06eba9ba2a1909d48

SHA512
09f2c8e488b90d2986b43695f15c939af7f02b54023bfe282b96266222d06699378ee0d95a1adca989663221acb471463a81ed9c8cff3cccd0904b18fcf01ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
4d0f4c07265dcf264367f062edf1501d

SHA1
e4f4e2f499bbc6ef12a1ea474aa41b51e658aa25

SHA256
841fd5dc7173245445aaeb4affc3d089289da6e68487c99bdff522ef6f2b2b90

SHA512
b1ccb3f15d50de103e45cec70dfc479766c5a75e9877f6acd8fe4d8338b3dd52d8a5a930dae08250928bb74ffa378c569ef3929099badeab7b3a67903bc0bf0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5823a0.TMP

Filesize
103KB

MD5
6aac1ffe42240c9513a7a548e81eb453

SHA1
f638d9e5bfeff989f10fc6aa39a2bf6a4aa2ce0e

SHA256
859b88dab0a2d153b4fb8ea78f2deb44a3562ea4f476ada4dce92354be551e6b

SHA512
6d88feaba4e60cc2f5a98b051b0ed3aefb958c8b1a84e5846a08a23aefa4f594ceb1b903423dc96484671e2c2979c6acd4bb433d3defb022cf49e4f289440f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit