hxxps://google[.]com/amp/ip245[.]ip-147-135-76[.]us/cl/40468_md/92/13044/2087/0/0

Analysis

max time kernel
158s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com/amp/ip245.ip-147-135-76.us/cl/40468_md/92/13044/2087/0/0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133492080938089053"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4472	chrome.exe
4472	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 456	4472	chrome.exe	31
PID 4472 wrote to memory of 456	4472	chrome.exe	31
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 1440	4472	chrome.exe	91
PID 4472 wrote to memory of 2304	4472	chrome.exe	90
PID 4472 wrote to memory of 2304	4472	chrome.exe	90
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92
PID 4472 wrote to memory of 4780	4472	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com/amp/ip245.ip-147-135-76.us/cl/40468_md/92/13044/2087/0/0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc62429758,0x7ffc62429768,0x7ffc62429778
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:2
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4564 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5484 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5596 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1624 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4640 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1948,i,10924047578650999702,10004651579419245159,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5d9a6a398bab5d09036fe42a6a2333f4

SHA1
f40e27e9979fc4642a1916facc31c6729c9a4548

SHA256
4961064fd18b1d562947cea7ab5e50e44c18964374286f114afa15e1e75cd706

SHA512
2503bcb15d2977c86fa5da52cc71da935b703234f82528dec4b935f9a371f4c8880c18ff0cfa177d55c91f479399242b8abaccfb581a61b9e847e634c91c7d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
30eca1dccbff980ed56300014493de8d

SHA1
afbe4806cabe3e140a1d1324c991b765e0ef5c6d

SHA256
23bdf170382029e252ae8f65e0c682d954828ab8db87aea24e216948d16257ec

SHA512
2c9fb13519a7e2f69c971acc2fe1bc78ffa28ba9bac045afdfdb95d1291e743bb9af1f15d695a2e63dc2471405de12b404a29ef01cfc9a1b40b7646a1a796702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c109851908e98c0f33d56b9711a05880

SHA1
7196b90cdcfd0f6403cbeae52853517ac96e10de

SHA256
857ddb640998b94991f147905ccaaf75806b0d10322916e9f74a517c94e8493a

SHA512
7c6b401bdd671cb34d42c85d6491cb61dd0c96dee13e0c2b00bd667e4d179192149291fbf664ca2b59c0e6751d507294cf1785faf109f8fe959f3cd112496470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2c44545f7326b27519b1daf9780ebbeb

SHA1
cd519a1df536a8801d3e9a484adcb3f595c328de

SHA256
cda698545408e92b994a4b65d5ae917133ad924dee3bf714027efd128d64c0ed

SHA512
9c789bf4195d8d0818b9a1397f3702513a854337915f2449e8c69d2d49d5d143ca517579e5689149451117ccd7b293e99dfb1d221e31be2bf20b5f5360b327ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
412f770e84e3f94dbb4d1348fbfbc0aa

SHA1
4ad4fa31c750d78d506d0cf5628246e273984fed

SHA256
86e619bc0f3ef00acb942347f7227f94ad9d03d458a7b6fc122ff749f73011f9

SHA512
79f4a1ce63586ea95ac79f1e0dacc45a1644a51a01e6cfe60784b62fd93b7485646f55983d3c53b2584dea6e8477ad9b7899660a6d16890d2426cc811a721aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
974d507342ea498137e4256e03ba0a02

SHA1
340e3a0977e6d190b7ec847a79925750da1a0f42

SHA256
d4b721928b58f277ddda1e674c165e6088e8c17c6360ff8ea253e5f84d24429b

SHA512
6a95c205c014a3703c5f6f8ff613a87836a1d77ce90832f9173a078426a1e15ac2fa1d4c234a1435d4686f0618f191778ac68a10ebf398d2e86e077b881370e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4e42da5de9681e86e3972893b3d9bec9

SHA1
6116eb7155920dc5ae44d40bd7afef6696b21412

SHA256
da23bde16d5daae978d6feafe2391958a96171364a2c10495a6f3a8e2fc9e0a0

SHA512
82caa535f2240ec8bb72427f74096390bc66e8133be192b66c20ab852888271efb150c6a3783d4fbe48349ddbdd198f080e3c07c5c0641f8e630b9971d93412a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ad17511f465a4e3165194bc561b74cfb

SHA1
ac3b0127a8a5a6de422fd4f38ef3465198db2e91

SHA256
79818847993bfcd19fc7beb53d6861d336b4be0635d064f0abc2a3a398320476

SHA512
0342d2d7db41475028a65af1c4ce0044ea6609c624bca0c772226ec159959e7ffecf480de2707c2b67a5f8d8b4a92d22fcfb63a43dae07cd187f534b6e3f9717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\aec9b8bc-863f-49aa-bb32-57217142eb2d.tmp

Filesize
4KB

MD5
97fa9ba52eed3589dd729d5376430d74

SHA1
6fb62fe9760976a6c95025e33857068e0a78f391

SHA256
bee4a6c2d5dfb8b2cf569f5485f29b6c3c6abe58939f2581bdb96d1d75f1b3d2

SHA512
b05dad2ac9bb1ed5e035cba0dc5596a1f51479844be5bf8968dc12ddd7c93b099dd11d6f550f5cfb007248b9a579a49fc78ad525a7e3f16a42a33796d98a2ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d0f44f7aac83f2b3ca4edcf72bcc5eef

SHA1
d9e191c81d46533e38d41637c8512dbf03f2a608

SHA256
74d2194bdf7d323f4d0a9f601fd647df61c15582fc1b337f795c99894d361b98

SHA512
a832cd7c7b9ad18284ba1cd20c33de4784ba6d8e2d4c18dd94ecf12b925e437f6d2aab481b6097aa7d35df3fb3da01e9fe390568d21ab7b069ce2c9c722a07cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c44be5307b8f361885f904d3942c92fe

SHA1
ab199a8f2cad27ecc84375951c25ac0ed8368b7a

SHA256
bab4accc078103db396e70df1c50e5edc2cd35de16e0181b14d2f879c0dcf4af

SHA512
b12f9ad683047355363de9ed2e8b526ba176fe9b04225dc55551a9b3e917995d6b7b388216010be80b49688e40e347a2ae0a484d4feb32716f77ec3b469b9333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9410fd29c0f00fd9b3ac92931bbbaafb

SHA1
134dbd14025b1a3a3167573b95c289e7b465e86e

SHA256
5ae68ea694a204d67b3aae4c50b03f5ab20bf568f5b34090f0f731ba3be48634

SHA512
d41927051d31e608d894cf650614d9c17f4c34caee271b03574f41cb853123c0f630f863721b1f4406394e821eba091db3f7f17a501c080519caf46ba6434630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582b41.TMP

Filesize
48B

MD5
2f9691c02bbe45e661525dbcaf2e8f02

SHA1
24c0614b85d0eed29d9c063b4fb54b7adda77aae

SHA256
999efefc39f0f4867e8b1f7707b73831eb1b57a127da2884277e09723a49db85

SHA512
32d0259b17d06fa3aac59bde51bfd62a69c896819c1c52dbba03e0c20bd3a0859281d887d26081feb6b77f13707fddf7a92b8f0db426f247a5c45b2e532207f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
bd0b860e95e38f2289e188226c379c97

SHA1
9ee7008ef6f5e3990960e72e85aac86ca9fbff3f

SHA256
3d8ffbcabf16bbe74e60a3b03b74064b97c0151000d9e020725266a7c133fcdf

SHA512
f2093e6fcd748cd39e9ce6d125b589aa1a2715c32f91c4be1a989daca664d466133c1b9e5dd9393edb845cf0c786abb805613c196d842eecbb61a9cef6f53464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit