cadcd8c01844efd569e6d84e5cf516261a8e43450b2b22d8227a710eaa524909

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc157bf81ab006d1bb0a542aaf499c53.exe
Size

1.1MB
MD5

fc157bf81ab006d1bb0a542aaf499c53
SHA1

2b5f22ac2158a90eae8783e05e62171095bbdce7
SHA256

cadcd8c01844efd569e6d84e5cf516261a8e43450b2b22d8227a710eaa524909
SHA512

723f661b13ed7cc9444ba0c1038b2db23716bde32ef02f504131a4f11e5a23a9186ec527c0d9291f18194e7193d62687be1f2a5385ffa37d3b1ea95aaac2f8f8
SSDEEP

24576:CqDEvCTbMWu7rQYlBQcBiT6rprG8aHh2+b+HdiJUt:CTvC/MTQYxsWR7aHh2+b+HoJU

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\International\Geo\Nation	fc157bf81ab006d1bb0a542aaf499c53.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133521840245542558"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983843758-932321429-1636175382-1000\{BD8011BB-52D8-4D76-9674-4482E6AE2702}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe
2920	fc157bf81ab006d1bb0a542aaf499c53.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 4024	2920	fc157bf81ab006d1bb0a542aaf499c53.exe	84
PID 2920 wrote to memory of 4024	2920	fc157bf81ab006d1bb0a542aaf499c53.exe	84
PID 4024 wrote to memory of 1920	4024	chrome.exe	86
PID 4024 wrote to memory of 1920	4024	chrome.exe	86
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 2600	4024	chrome.exe	89
PID 4024 wrote to memory of 1496	4024	chrome.exe	88
PID 4024 wrote to memory of 1496	4024	chrome.exe	88
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90
PID 4024 wrote to memory of 1716	4024	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\fc157bf81ab006d1bb0a542aaf499c53.exe
"C:\Users\Admin\AppData\Local\Temp\fc157bf81ab006d1bb0a542aaf499c53.exe"
1⤵
- Checks computer location settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffabd2c9758,0x7ffabd2c9768,0x7ffabd2c9778
    3⤵
    PID:1920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:8
    3⤵
    PID:1496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:2
    3⤵
    PID:2600
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:8
    3⤵
    PID:1716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:1
    3⤵
    PID:4616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:1
    3⤵
    PID:860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:1
    3⤵
    PID:4504
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:848
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4744 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:8
    3⤵
    PID:4344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5244 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:8
    3⤵
    PID:4400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:8
    3⤵
    PID:1372
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:8
    3⤵
    PID:2852
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 --field-trial-handle=1960,i,740769904271569835,14368461984814764529,131072 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
01d133a968e31c83d25a3a75be89e37a

SHA1
5a5adc9fcbd51aa5740733b222bf2116b6c65e7f

SHA256
514185243af756170f7e67f2d12c684e68d1ec0e35fec2e21c17763208748d12

SHA512
7a8e7b0f4b0f718228373358ea4ab7221b28595e424a4b2e616db408309213e251f6e121ec21441dddf1974a756faecbbe9a968289e8d9e35d6eecfb18590442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fa6a7ed08ba42d1dfd9360d59bb869fc

SHA1
59488320b850dd5209ab02f9360ea9bfad5aef3e

SHA256
8ae9f274b450f310a281e01665833ae32d7cb6c5db30f7b03de808731c252289

SHA512
cdc689571746a4dddef3ecd3526a57a4d0e563bf3301ff8f9f00be1b6fc231f8744a0f40d75041c453f44d5ac9d07ded7ca33df87cf76a8074039ef6929493d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f0b93e7197897fc6812eef1db6ec08bb

SHA1
4a78b32482a69e8d66d8296cf81578fc876ba45f

SHA256
e7b0ccfc3f3706ca07dbb101a88ac5d2a9375ee14bf90d66a75e91417a32d520

SHA512
8b752c5d9e84fe28899fb767d4736b23cba16f3adf06fbf5f446746b0fb98645d824574aa48922c2e030bca2140b5bee6853fb8b9024eaf2fef2220f97255587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b43ff7e8200d42c9a29eeee3f9e3b2df

SHA1
47694c00ecc1ae002aa86232b3a0bc7a8f80aa90

SHA256
d6702f3ca489db930f8eafa906b37580ccd070171e0c12ec11623ffcad54dc33

SHA512
48b9f9c74ec5beb54e66d7891b2856f5973ba1d108e0e6ab020a4c4d0694c95cc03cb4f545433a96fb9e777cb059d0ffcfc2309a1be56ab2b0355eb53ae73ff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
257a80bbe2e3aaf4d82b7946b3c62e99

SHA1
d1143852500f1fd6b5bf436df4a7ada0242cc408

SHA256
a7afd964ff62c859ba5d648cbbbe2bc0f3e60a2d9967ac46d316565b9ec467ea

SHA512
c818142c03b106d11c5e02889570a219c150bef7ac1a3917050564d62c5a76b3985c1bf94868a347b46965562184ca0b8a6f8fe8dcf3eab938e6036116ce5b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a8a2a41133d00954f18c405f2b9bac25

SHA1
20ccc8f49e6eee518e9749cf533c76c427769972

SHA256
5ec5322c77217c804d2f2214ae52bcd8bd64a728720857534485430de4bf63bc

SHA512
ed6c400c4942540a0945bf1d2fe0496c6da74f7ffea660e4aec41cc811a552465cc84be791f2d7b9d988f4691b4bae968ae4ca9211bdfc49c18090e6877a924a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
72ab8579361a73c7a48f4ee70b27dc7e

SHA1
8d27d26c7f307481713415deb6391178c88bc6a6

SHA256
c7eff99cd125c31268d5ed43737149eabb1dc4b9976c28b8e653a690f1dccfcd

SHA512
91122c2b45a6e2135f9a08f968aca88eed30482f3dbe1b7d30fab6b5abf54f4b112c919da5d5aacfb7b181e89a29370f5bcd1047cd51e116943edcffc88b79e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
93497fe9256674ad341d0ee474c78bc3

SHA1
040c6ef4bac92f4f0569f24185b557958507653e

SHA256
053cb65a8985ec5a56a7f1d619ae5966be36d68bc8d3562e9238bb54d51f7686

SHA512
52bb75cbacbc8cb77e5897dfdfb1508183753f5590e6b67df0aba4235b90f88f5afa373896f07dd80798bbbda98ecca0e154a67a04099d54d1125e652e8e3f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
90b4cadf758c39bbcd66e0b6f58edf14

SHA1
dbc304d1fb7e17cdc66519eb3902f9c341477fdf

SHA256
254cbba6492ca904cc99ba8497319339c2171851e14271ecaca1994dd3e98037

SHA512
f14d7c3565e217ce84ba95882f7f7ab80ee0142a671baf38eae385e00ecbb9681667df34d66803afdb0a711725ddd6f48ca2a8f760b2fcaa49a3a7ce3e93f7ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit