hxxp://cn[.]pool[.]ntp[.]org

Resubmissions

06/11/2023, 20:55

231106-zqj7vsge66 1

06/11/2023, 20:52

231106-znpdssge47 1

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cn.pool.ntp.org

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133437775426882247"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1060	chrome.exe
1060	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe
Token: SeShutdownPrivilege	1180	chrome.exe
Token: SeCreatePagefilePrivilege	1180	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe
1180	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1280	1180	chrome.exe	61
PID 1180 wrote to memory of 1280	1180	chrome.exe	61
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 792	1180	chrome.exe	88
PID 1180 wrote to memory of 1340	1180	chrome.exe	89
PID 1180 wrote to memory of 1340	1180	chrome.exe	89
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90
PID 1180 wrote to memory of 4964	1180	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cn.pool.ntp.org
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0x108,0x118,0x7ffb242c9758,0x7ffb242c9768,0x7ffb242c9778
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:2
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4956 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1608 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3344 --field-trial-handle=1900,i,14191355141263007803,11651198416118926495,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1060

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a64f51031ec8e9014bd1d38485f45a93

SHA1
dedda2b8e9b146c6b3177ae7245f5c611be9865a

SHA256
16d1e51565d862b886a9bb4fbbcf20997b14aa813ed5feddbad90ed27b50beeb

SHA512
4f733609a8a95ee2489bb11535b87abebe5aea7588200d515a3ebe623675443ec1c75223f36ee7b054c0fa5850ab6c1f7a88593cdc899cb6887a256287563f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
39e915508b040c0d5f399e9e2c6a00cf

SHA1
7b14fcbdc38b31a31340389f205e88c145ac9e30

SHA256
2714bd555f22d9bd1922fbe72a55613baee8dd94bfacf6c040c77eeed3c46bcf

SHA512
69549ba68ffa0456a2c73ceee3a32888c97c7cf81f6a21a89535b849e4671cca04fbe51e78b5a7be983f73e76112e838e61d5d69b81fbe693fe3b21ce2d23a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
761cd144033b4f4e5bd0bb3ffba0f23b

SHA1
8a2b9f9b8ae939bb40049d57d75ac4c1d137ab06

SHA256
d64ee0861f1469204e55e2029dcc4f8abb540b325a62a33ae53631b2c684de36

SHA512
fafdbae2aacb570e84e9855b916459d2949768f21a301e32c77aef07f461c4b06e1f3d834841e0f0d350f02fcbf57c6489e47c6e7ce3635a59a83f1a713fe054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4cb5cd87fd2da02e8103c763b21166b9

SHA1
3932385f067d8d0d97549bca07b6e2e9a6d75337

SHA256
56cbafcaaf0e370ebfaf0b37fdc4dc11f525dcccf1eaec6085e20a8df94b615f

SHA512
71fd0b9b106535755b37d9cd3bfe6b37ba8634851511b82384294f3b8db37dc37ff8911bf9dce3e7f255f5e58db84cb43e82490bb399f85a4c595794043d55df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
660eba1be3897bba39b583a6c416b3aa

SHA1
624c4dafb603207311a2ca082ad86845fa072a9e

SHA256
3b1205046c48dce278d64c56b5b003e8915bca670d195e3c7a1a433f44f901d2

SHA512
3785ed8ed15af88ed6e7ff5c7545284512e0f4de678db58263156d85c9652551fc0b65ae9f5de57c3c9c0a3fa12b7748a67852156f4b8971648ae542a378452e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
940861785baff403b30d88a889b7f74a

SHA1
5c0104b4b4c83dc1b5299f23e398dda27ff9420b

SHA256
db6fdcb7852e31da51ee91652f1285df6f0f96aa224ea70f8e2b61bfba3e9e1e

SHA512
a575c25191ce8113c6cf720502e204746b15d3f0513c67b625c9bff226377c32b5b3bc0ca686355ec0966e311223a5e7f977fd0756a72411cc07d24d0006ddfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b491b2afdacf447567c75af6eff3b66

SHA1
04f4d499040cfdba8ced93b4a52ff969c37bd1fb

SHA256
48886a3a2dcf8d95f6be4ea68f682431a64b4ed2d1df955678390d4013d5761c

SHA512
964495cf0a6131e441fe8a9c18a2d7e58fea15470e17f7ef59c61037d6b152de3a47ee521a0edbf521ee714299f9fdc6b168d29206d1c6d11b3bfaa053c114cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aac90eb5bfc5b553175ce07ef54a72f1

SHA1
0139500dd853e2318e0f0fcfe74da9c318b4c63e

SHA256
e29dff8c0ee0a7b13b8a041a6eb720fa8628ab72faa845362764b5939a2af361

SHA512
a057f1374b4084f157356ceebd50aad5b77e2a5d51526bc5785a5b8d726f13b5c74c4c5d12eff817a8f90bed4c91f90f98a98c6cf6e3e1d279dbbbd1a539f57b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
e273bef553b3898097d9a58bfec18cf2

SHA1
e27aa30d6bbb9d21b256f4a4e869c3a8be630f8e

SHA256
793ba0df9ee1330b3fbd1f901e02bfdb4f9c6016849a2991371bb7b1b56b1f8a

SHA512
5377a19edb3551b1aa9b660395c47c494ee3644f13744c794bc38d394317cd24c10d5c297939518e130ff23a55e1d386f25fca10689429dbdfc751f7d8e24486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
5c8cd791240ff81b4c86d1e58c6c25e4

SHA1
efa038f9543b0758814ff4cbdec6d5aacfbf4cbb

SHA256
a6b2129e0e48ba30fef77ed739a328260d785824fd92513ce5bd828df2e14032

SHA512
ae7ea1c4e128a01944a14ed4a908d163775cd73679703425f3371434f1364f8a172d4e3b4f906f043fd65f1bb2ee17e48eb911a753650475de3d7a067d3787a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58625f.TMP

Filesize
97KB

MD5
3504296e1084edb021dd0e98218139c3

SHA1
ff63e0cdf067a1dc8fceb0090edefe735cdc4fef

SHA256
0a98b80233bfbf167ba77626b598501fe2f5efc270e574eac3ae065f27436ea6

SHA512
19a941ab927882d190714953216a5e36232b1fcc1aca3166c1d1b1f8f12af3293dd0b8841f4f0791ca21232057965e84ffb2349e0a7101241a96f084815a1050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit