hxxp://sacredheartschoolsi[.]org

Analysis

max time kernel
1799s
max time network
1787s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 13:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sacredheartschoolsi.org

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133415043572528646"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1926387074-3400613176-3566796709-1000\{1A74C079-426E-45D4-9813-A759D09903EB}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
264	chrome.exe
264	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe
Token: SeShutdownPrivilege	2876	chrome.exe
Token: SeCreatePagefilePrivilege	2876	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe
2876	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 4280	2876	chrome.exe	82
PID 2876 wrote to memory of 4280	2876	chrome.exe	82
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 4216	2876	chrome.exe	89
PID 2876 wrote to memory of 464	2876	chrome.exe	87
PID 2876 wrote to memory of 464	2876	chrome.exe	87
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88
PID 2876 wrote to memory of 4236	2876	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://sacredheartschoolsi.org
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c3799758,0x7ff9c3799768,0x7ff9c3799778
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:2
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1832 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5772 --field-trial-handle=1936,i,9400161330276930566,17356419158993520707,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:264

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
8314fc31ea8429be3a4f51170f4dcb50

SHA1
155952b441241683d04447cc70bde412d0c99ee5

SHA256
d1ddbf374b2fb56ab9b4d3ff27fef6e933dce2e3e9acef65715ddb12a0f247d5

SHA512
3a0d021afe3d91598bd2cce7f7f45256460d537b4395a643b62d00c90297026a11f8ddadc0bca107526c0d1653061c1e64f62f69cefedfafd724815777b9a92c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c13ecac3fcb8f1d59ec9f7f28255c874

SHA1
e8072dbe6a885570ff398a8552da40e45652410a

SHA256
0845c8b9cf6789f244681eb5ddfffcdd7eff9c84a92361f6ed228ff492c3ce02

SHA512
159a0a3c0a43156ede2bdb389005e493bea316d8232f9c5398ccfc4f62ea379f8c0ef98a2aa46da57d61921020b45646cb54a387df06ad92a4fbeed4047249d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a806ddfe054b91f0f8927169bec0ed6b

SHA1
a2431c09c760265f9deb26443150576253b2617f

SHA256
45448b9574260e9cf8b49db0299f5976fdc07c62c1700a0c487872c8e0f1dafc

SHA512
4f31f398da2acd240f404760aebf708a5d1775080b9c3234b28660a165d76e45f7fe9f2510196f595ad315819b51fba4ce07acf16ec989f57899ae1508d3e2f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e2e36561ecc2c05d3b84efbf605d84bb

SHA1
105d4cadafded505ca146f56f1c528f8e83cb59d

SHA256
81624b16fd3560906195df219dd869950b5e1b68c5d578df7cc432429ab8f25b

SHA512
0ba6c33f7e0bb39dc04c4ee7ca7df2e0122300a84809fca6e7bffd57f4058e3ec1eb86049ab504e758d04c1794f951e62c0b49342af9d63b6b606f03102c1cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9eb20c6e44982efe37d3adc93d709de0

SHA1
ed8fbcdabbbc6ecb5d30b84f30a84d52bca9c864

SHA256
351af2d1d352a153e57d769ad5e4cb932e2aac57b38ed99d3603fc0205b91476

SHA512
a96454e919b5f99047148cd4958c5f6b37943db57709bc35d79b3ed79e615dba409c5b29a006f399dd2f7988719d4472c26782ba131cebe92bf127b2669af330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
4acf5eb004824bc738de1b855d38055d

SHA1
ae61eb4f0e859d04bd7a5170d44c056d0567a012

SHA256
96bcd91afe3c97f2b31f8ac06d16ff0cd02a9e8dbbbdfb926331b83f48fc8a3a

SHA512
7f959a8149c1b7507a40bb94ab70b738f75071c5853d67ab14f2a2d53bd8ba6d6403ae5e7894c677c096eff21ab250909b35f681a8f70d9c2300fd6738e48897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
ddba658277a022be48f58ca83b8ad36f

SHA1
5ab508877141b1ded9432d8026e009e599ebc8e9

SHA256
5d4eed638b06f985b89c037190cb93cc3fa4a48287ce5dae89446309709ad026

SHA512
7219b718fbbc89c77c711ea1b1084694e18de9550f9502a7312acfd9dffc535e3f571f049e9f2e7d062ffc8121529a92083141bfbb1b3709ad1e999f37d31648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
30279160738f7912708aa4a731a5c8a5

SHA1
e6129a2dcf0e05e8afc0bbfc7e64c88b1c05bd7a

SHA256
668f94009f5d6bc43b39f7e2eab312dc2eebcdf66b49ced896672c6efd37526d

SHA512
ff962e48ae14a5ab68132858c1cedecbc3a9cfaadd8ca4d9590a48b7ced10401b8a2e3c6dcc9c8747090587830c0761ddb8c602293efa017cc16c290a3232e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2cb717161399bb3886baaab8346022f0

SHA1
8c506f914f672e037031609385d34ea4eecfb722

SHA256
e43b23154274cac583df42221c7a0985df0ac33df559bcdff21e6871c3617085

SHA512
5d176eddc8b95a414a598a9129a405f58a1264ba654931140b5e1af0722542479b708d17f15772c14a4a31599818cda57fd9e5c57a793812f7c035b4842dc4e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe586e36.TMP

Filesize
120B

MD5
c146ae551a660628a2537f935c7c29a3

SHA1
fd2702460f3a03a46ee97d800f92122c7ddf1cfc

SHA256
d348470d09ff127cb209253a6bee1988e24be209c6cec93217c1d1e61a98be44

SHA512
e8a4bb64c12f4f93254fcef9d20d0f93289c41cc9f5c1421ed19bc81efb33efae657c7e3187e31edb6a413646fa3dd65a64a3188ca3c3f9de65fa36bebc1018f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
efeb3030d3997064cdb6bb260243dcd5

SHA1
d3ee0b11254fbdb10c87ace86423c1530cca5a60

SHA256
2bc4530c2465fdb0b38c58981f1fa2b27dcb8b7ef96d179ff31a7f9688616cb1

SHA512
c2f522a895cd6c40fceb5b7c700743472e6412a11f31c753506e7fcbb5da0fcdd8220d736d071ab6ba9455fb56675c1dd3c81be0cf2ef112a385f0a74c3561bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit