hxxp://nxtsoft[.]nxtsoft[.]us

Analysis

max time kernel
1200s
max time network
1198s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://nxtsoft.nxtsoft.us

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133408949254927571"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 556	4620	chrome.exe	85
PID 4620 wrote to memory of 556	4620	chrome.exe	85
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 4448	4620	chrome.exe	88
PID 4620 wrote to memory of 1708	4620	chrome.exe	89
PID 4620 wrote to memory of 1708	4620	chrome.exe	89
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90
PID 4620 wrote to memory of 1928	4620	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://nxtsoft.nxtsoft.us
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea1d69758,0x7ffea1d69768,0x7ffea1d69778
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4944 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5896 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=6112 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1880,i,15290629805537093441,13436436710768343159,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
751433b56d1e0227b79d880acd2a6a18

SHA1
4583ba33a87576f29b2461eed1924e19e09fa727

SHA256
af179445b7145fc6590ddf7c3cad5344f029e174caa80c29988f1ebfb7715989

SHA512
38a426b9fec50c49c9a2cb0d0af34d2cc794c087f7fa974d3fbdd1a26181503658c3b338c880cda7d9ce194d9ab7f9d72cfd7b737931682f241779bc2cf1c0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
17200b1bbe033e5a9707ea07af98dff7

SHA1
9c54c9232f9d3f2c50b32d3f1ee96ff2610eaaeb

SHA256
e9927e7aafb4e89a5f9b69594d644ed3c421fa4ce3473670bc610b0cce2374df

SHA512
006de1e21fa229ff65e7b25d4e2d0d59f79f16a70c784ba151efac6dba5839f77e25bee5477c1155794199b83fef56efdefdd8916bc0eb8bc264b54a1621925c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d92d1e948580efd4d0c043933de96426

SHA1
7d1a8cf86681f0c584bb1539d94c9c29f187824c

SHA256
d2b1c17e588baca294fd152754d5eaf6e76294cbe25b84d2fc12be5cc6323e3d

SHA512
4029f61f1cc73712e264de0e78b9447e326b06d4e1eed9125736d9608a5cc49b44d57ea8f9e004f6d4952529663937ee74fe1c43834137e02bff6c0a0d150ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
baf285e7d03978ba8e5967a0b2e29b02

SHA1
28844bb06e654cce7159905ed253371d1272c5bb

SHA256
d3346f3e16dfd429ae29347e710c63e00bdd9708c546e02cf38e8d7ce9db6d7e

SHA512
71d409facf8165ce7bd8a027c2ea1c50f3bbee0bf33131fe7cb30e104df306c3c6a1c075a4f68562c1e5bc57b9cca66b87dac7251b1606589be413baf9377ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
be3566dd4e89c5bed307f5fdb307fb3e

SHA1
6336055d447fede1b626669eca6993c19c560ce1

SHA256
9704b79279f949987c0ed542e3c96227840572a99775d90a0ddba2c99c8bdad8

SHA512
25c859c8a646d458ebad5fd204ec0a7d656cae7ada80d5b46bf4e9be573d2c9d88c78c017ab131fbd8851d35e53cbf5162ebfb9065f0a8ae751c9ec4254fe438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
727f93945c977f80cda4db2911f9b209

SHA1
c282d5b91342fe52209d982582b3bc9c6e060d59

SHA256
26f1941be291fdf17c6df88ee7d85989b8429eda9781d2c00bfd2a127eaaffb7

SHA512
3d87c4e53f16c69240adb1d8175a025cd445a3fccf7b77afd4cf5b62d076bccd35a32b50f9f14eb01f42241b0a3c91184e8dc775293bfa4fdabc1c3773010995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7342013f1f15eec7e3146a0216997045

SHA1
6d134c1937395a9c41678fd0be86763b93885ed4

SHA256
f1c854dbe9f23f84a80259fdd71ffbead5bd51f63d914c375fab9bd52d958830

SHA512
ae0ff163973204209c0276c341ff147e462544cc1d6272add13ca43114b878e703fc54eeb91228c0526a8d45ff4fdc5ba62007b11f78f60f012ea73fbcfcefcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ae30d4606f8009594224f09bf6e60ce9

SHA1
b5a03fac04d09cf93c72085ca07cd8af99896290

SHA256
aa487533d6c9418be6c6f1262e9480de73767663302a70777e5ae15b281a6a31

SHA512
cf608ed819ab988e43cf08aa5786a17ee9c4b1b9359a726fe6e7f580b5ebc96d1e5903ad4c9a7ef06f87bcbe23c283173e17503570f0b42df8d23ab26ef40d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
10a52a33d5e940c3782f2aa51ce50038

SHA1
9dde1bc26886e794858b4f661ad3039de1d19423

SHA256
93d0aa7563e05e3b173fe3fc8b87dcec8da7e250f1cc6d0bf93d95f15e6a84da

SHA512
b5770697f8b00895534cefb817594bfb499e68b2e4f00e336c3cf4e764bfdfa06735d079d742df5b5f8fa506920e5da62c1380c53b21e1fbfae9f84989ccf300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d15377abb21b270db548822bed9a676f

SHA1
ec2adfe3654b0def2864e989640c9af784d5cc76

SHA256
083603e3a8be99dc2d7fa64902577c25ec095998f91f17e28f6564265aa6d491

SHA512
de38b76efcacc081298008d55b9422bb6489eaf608a8d91dd907b18839aeb0210da4735fc08976307c0f1e0faf1894ae6a9b9ce1c3949a8b00fb0db7490286ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c690fc80-c209-485b-85f7-f14877841a92.tmp

Filesize
1KB

MD5
f22fb1c5ac4d9d8d6382983195ea152a

SHA1
54e2143bbb4fb8668357972376b92794cfc616c7

SHA256
487eb53c8978753abad3d4f7ef31b580228cd792ab1589ef3d768f2e9a72a5a6

SHA512
91038b831470efa0eb4b193c93a0d75a65a9ef14273ffab1708393d5ed53b35b0556cd31a108638d7b91d67af3c2bb73279f8310630b5d20bf567b96f743add1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
87398c43422ab6f2cd353eabbfd72011

SHA1
41a54fd85cb296841e50e47020f0863846461d1b

SHA256
507017fb15e787b6cbef9cd501187fb67ec58436ce3b8451f3e6ed01a59aaf03

SHA512
36495beb1714a2c83c45f8501e2eefbb816494cabd1611ad24cefb06a8de73619583f03b1e46c6296a546318d92653d05f23f8d9f93c84ebe4ed9855bbdbebbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dad2ba4d2b419bae337fb4a1d1e7adc2

SHA1
ad9db988bb3e9472908c286791bc28b52d7b3884

SHA256
61aedd8f341a1574d7f934a88206c1e2805065d7be2a0e5d52f9d00da3a9da2c

SHA512
6dff786ed7b9f40fcf99ccaf87d85c320963853f393cc8528010ff080dbbd9a4af16d49c2a54ae5ff482d0fc3c83600dc43d43c99f094e548df0ade6d5a409bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
15f1823b0d0ea207b1627677276d4ae0

SHA1
e9d2febfe4478cabbd51fe792af1201c62ec6587

SHA256
9a904be0dadc5cb08149229371d4b5e2df4fd13a7cbb91faf02c26c294c0d46c

SHA512
8b0ca72996f7ea931d4cfcef2e68c76c91f5da651b02fb9f2dbb14794a0283b68e887ad0c7522ed776019ad1478f6d200a9dd666e9415486a5e524643aa9e4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
7d5dc88cd9bac8dc29f0698718f92477

SHA1
e167404e8d4c51b2bafd385231803fbb9696adbb

SHA256
9d0db49419b09c74a84b5171df47afea7476f6b59b60c60ad4cf0e621ac16a6e

SHA512
4a69ee449aa637c443951826552d70040dfb77eb88efa779ba0609f2da3fe48d2698ba1ab392254130aba659ee17f701838d5f36e834db549346fd959b384bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
5580fce3695afca0d243905cf59de94f

SHA1
ac11f075686385bd3c92f46996d56ad70b391282

SHA256
5f77caba6478b865d0578ed21247868d1eeebb7c52a2aca37c916851109dadb5

SHA512
783ee636134d9cc1138ee552c1e107d2cbaf2fc79cd4a4038a84ee8a32131818b47ede64706f3d28c50a2e7cf7c2e24e26febc802b0349fef4c44f2822fe43a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b997.TMP

Filesize
101KB

MD5
cae0bb2b888574ce354ca98d3bd85dfe

SHA1
2fce633b2ce9bd26a6321cf37460d6ec2347e897

SHA256
684ab8beea9f68ef6e1f40e6ff56552dc64ff3e6599b27aa8af0c60b50f262ce

SHA512
057ebd9494e16adff66e1296ca65e2c5f0ba19394e1f154ca6ecc10be0e2e048eb7a83c4dcbc389d6a6f1e51b666636c99307e48f2fbfe816c71875e970e7842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit