hxxps://www[.]bancrof[.]com/products/222dgrh?ttclid=E[.]C[.]P[.]CrsBixTUsLKyiizaYfOvINq2aqwHmwYb7MnjydUbojk991e8nGqvNBFiCl-Xjep1M_MJlG3u-p8FNm1Glh9jiFrbxqJwBOHVWkzN5Z8VJjfF1UCgxJw9mRzvBllAReoufjlSejdRkIeqachhOoby3DuOI1BEs_8Jl9dHypj3KA_-7vj46l70MdqEtVL3bcTkwbggtn9wWvVypSYwJ7feQ1Ka0gpQRGbxWddHszRPySM-pWiJ4O5Sezldh-Wy9BIEdjIuMBogtrVRoTE2ssVlGRjTErS8_bINIlV1QQFaXQ2Pl_Y6CWA

Analysis

max time kernel
179s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2023, 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bancrof.com/products/222dgrh?ttclid=E.C.P.CrsBixTUsLKyiizaYfOvINq2aqwHmwYb7MnjydUbojk991e8nGqvNBFiCl-Xjep1M_MJlG3u-p8FNm1Glh9jiFrbxqJwBOHVWkzN5Z8VJjfF1UCgxJw9mRzvBllAReoufjlSejdRkIeqachhOoby3DuOI1BEs_8Jl9dHypj3KA_-7vj46l70MdqEtVL3bcTkwbggtn9wWvVypSYwJ7feQ1Ka0gpQRGbxWddHszRPySM-pWiJ4O5Sezldh-Wy9BIEdjIuMBogtrVRoTE2ssVlGRjTErS8_bINIlV1QQFaXQ2Pl_Y6CWA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133413051778811053"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
968	chrome.exe
968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 3156	1508	chrome.exe	87
PID 1508 wrote to memory of 3156	1508	chrome.exe	87
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 3068	1508	chrome.exe	89
PID 1508 wrote to memory of 2976	1508	chrome.exe	90
PID 1508 wrote to memory of 2976	1508	chrome.exe	90
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91
PID 1508 wrote to memory of 4200	1508	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bancrof.com/products/222dgrh?ttclid=E.C.P.CrsBixTUsLKyiizaYfOvINq2aqwHmwYb7MnjydUbojk991e8nGqvNBFiCl-Xjep1M_MJlG3u-p8FNm1Glh9jiFrbxqJwBOHVWkzN5Z8VJjfF1UCgxJw9mRzvBllAReoufjlSejdRkIeqachhOoby3DuOI1BEs_8Jl9dHypj3KA_-7vj46l70MdqEtVL3bcTkwbggtn9wWvVypSYwJ7feQ1Ka0gpQRGbxWddHszRPySM-pWiJ4O5Sezldh-Wy9BIEdjIuMBogtrVRoTE2ssVlGRjTErS8_bINIlV1QQFaXQ2Pl_Y6CWA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffe4a619758,0x7ffe4a619768,0x7ffe4a619778
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4672 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5052 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5520 --field-trial-handle=1852,i,2420181283995813952,16779265327524642437,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4000

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x42c
1⤵
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
3263763fc3bd8bf2aee49969c1276789

SHA1
15a2523dd2817235b5a4faf3d6e464ff3953250d

SHA256
4076e88e5b0921c934dea14292323605f4f045b65fdbf0253c7432cdc9b85e9b

SHA512
c4be246f000c18ef0941042cf259aa460f11fb5216f6342fb486bced5d0c75969df5e14e913e7d08b8d5fb9707dde954b53b73aaed863552056453aadbdef516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fa21fc6ac48c0e60e7adfdd154ad301d

SHA1
eb860a017c546b0b127bf0a06362a15a3fa7d78c

SHA256
acba8e50b909865356997f548d0efd2f8b7d50662eb2a090f0364d7035e6811c

SHA512
40b993238b715cf32694d9dfce48fbc67f82263a00ec9e58944ce66a5fd8e1cfbd0767aadf46984a4669ce6f4407297b4cba1f063ae095c18ecc6f0657fd66f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1bc476afb792d88fe7495ed498317e47

SHA1
995dd72bb43ffaa831ffe672217efb2bb6d80209

SHA256
65a9510bc75e0dc138ac67c8825a25ee9db6cbee334ddf451447b6255ca5d396

SHA512
88cd3282f82f5e8368b5ff1b22e55841bc6dc58ce6624ac71143d884232e6a95c5413c8379c452b4454d50e5856d30ff05df01b2fe94dec1d581ba1bcdec17a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cee0e84a956df3915e52e08d4460954f

SHA1
fb9de59dfcf3e8087944f5ec50f62812e6637ffc

SHA256
fc6c0be3f11be0a8a6b800b6106fa445ab5099ab1d74a8ab135c15688410b5e6

SHA512
d23257de1fa8f8ca41313215e4f5a4ca963ead21ed111d78dcb44580c5384b7a9021323e629fee8af361bf985f18442381cc40247bdae70b87d18030f6938970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
075a076828605b0b68ac9d93b7b39d44

SHA1
f856b3bba4aeea715d6bd4b77c71f74d77e59eb0

SHA256
5d684c79ec6ae9acf9e784a7dc318e6835665477327aa6cf8261c853c3666e96

SHA512
f9274238a54e0ce3307a03bfb72b5018b71c0d6e0fed276b99eafbd9b5caa811002a889a25d9933aee758afffa1164ed9d04e69df9d26052b70d36f0b8ab76f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c0ec0bf1adb754682cb574d548c34c76

SHA1
7a11807aaa487eeb6d9b0ab293b1086c0a2a3481

SHA256
af6a0563e9aa31a3fc0aa51f9f8b2313f53460a4c043144989119ccf4df01239

SHA512
5761bb291b1c6d59f72f7fa45389c7722f2f179241a84cd3e038b16be58f8a6e3f25eb7ee3b5f900432413bdf104583cd68d02b412847846304c520307d1d763

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
67fc4cfca5761385ffff8f482bac57c1

SHA1
5a15c6929ee19fa6a298156974e8f03b0753cafd

SHA256
ba963b59ab9a893086cfdd30dccea696b7de54f91d103ee9b1373fb8e0b8d22b

SHA512
c191d6f40d6038d38aed51a1049fe13b7a8e4329d5163a02fe26c086385d79405eeae02bc4ffb6adb802eaa835439fb12005e1282b50b46a4f8fbb6e4d7418c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ca87380daab758e33680ef70b49a453

SHA1
931120442c89261360182c3a5fa2ab152acf559f

SHA256
8429d2c5f82f3086fada4a634a6786921acc0442bda6a0b552015e6725c7af84

SHA512
0d9863577d28ea7cb3f683ecb5073d622edf4ccf74c86194ed17168aa34e97166edbcc13ede5a38b4645ca66d82e1be65dead6d8f80f09e483e21ae355b0dbe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
87752979b114322db9918abd07d99635

SHA1
e2cc3c42a915601130a854d3274617c3e08d4326

SHA256
2d32ed4aafb4032086405523199b0b394e3cd7f75236bd2bd03d8ed9c8ab57d8

SHA512
23c8602baf5a6200b331a9ff48ef9b33f120c93ee5ba354e87b5a89bbab3282c683f8c23614dc1c028ba5f2e1371b3cb2488b918ce592c9fdb1db54500a4844d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2a9d1a5f85a00dabb21c03714a5da591

SHA1
4adbe8eef60ae869b01322cabb43e8e0dc5d137b

SHA256
b0a877fd7cb7e257b3e635474b9b17fcbd5d14ca3a2d95a0f5dfcc938cee4702

SHA512
538e61078fa51424f54cb89559d330d3ec9e400bf507a17f2a3b0f42aa40fc00881ba6619a670e5b896c22434050bef5d6914fb90133f269c291d27e4ff96f29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
39fc289d31b435ecaf4474d2c731a04e

SHA1
451fe6fec0bc9111394036bd7fea660a0069c420

SHA256
af2eecc1ddb88cd03ee794c11146b6691598936f9eaa40538d22c064929b021b

SHA512
05cac3c711d92768d1af5166316218c10af25c980f5896e59eb003f564ce2e2c0a78f08d4ea28961b254d17b1732ef36c12f10582424f66ff9c64d8889c75b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
0b23cfbc0e35237b7782139ec5594fe7

SHA1
ed993736849c8b88e88c024c7520cef701f9a220

SHA256
e2fe733a8cac7cd04a3fbcd57e2e1ecb0df57cf9d9db3ecb663cad143cb2c02c

SHA512
49f8a03c927b28ae5c57c85b1d77f96ca19edc4b20da97bc399feabb03817ff12c74dcb2056f5d18bd195cdb10d74b21313ddc6c05835b05e4123332e3927a92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e6bf82fc-e14a-4bf2-a678-5f34a7b1680b.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit