hxxps://github[.]com/GalaxySwapperOfficial/Galaxy-Swapper-v2

Resubmissions

19/02/2024, 17:12

240219-vq696shf82 6

19/02/2024, 17:08

240219-vnsc8shf22 6

Analysis

max time kernel
150s
max time network
156s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 17:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/GalaxySwapperOfficial/Galaxy-Swapper-v2

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	camo.githubusercontent.com
16	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528361511693231"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
72	chrome.exe
72	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeCreatePagefilePrivilege	868	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 824	868	chrome.exe	77
PID 868 wrote to memory of 824	868	chrome.exe	77
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 244	868	chrome.exe	79
PID 868 wrote to memory of 3572	868	chrome.exe	80
PID 868 wrote to memory of 3572	868	chrome.exe	80
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81
PID 868 wrote to memory of 4688	868	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/GalaxySwapperOfficial/Galaxy-Swapper-v2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffbc6ff9758,0x7ffbc6ff9768,0x7ffbc6ff9778
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:2
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2180 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3732 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4676 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5124 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5492 --field-trial-handle=1828,i,2494219817162258874,10337103101844131366,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:72

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1284

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C4
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
1024KB

MD5
88ae376349a1a947e8d5c0639248cb8d

SHA1
51fea68e0a4b26d93c37d1b58ecf4db157f25172

SHA256
6d047bce433a95b01771aeceebed8838bc310622b558a011885b9412601e3750

SHA512
94d8ac823c623dba15ae1df4ea299e456a0dd9617d52e8735a6a1605b641f44d7b5357e7f24c80986bd5af42547d3e31eb39c8d2613f92886673818b3c154cd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
1024KB

MD5
9927c9f03f688a4c600941b4475ecd09

SHA1
1ced96bf828167d9b324e520186ed3fbab70eea8

SHA256
9852105cb8608d1af83cdcbbf84c318cf6844a062024a644d50d590bb7bc41a1

SHA512
3345cf4fde6c32340db0a33fa297effa06413ad759592cb64909cf1b415983f8c71cc4afe1977a79a7f6e51347189a42375cc7751c249d8c8d3d6faeba922e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
d5977d2fcb421d9dd4cfe4fe715c5661

SHA1
c319e43c1d2c4bdc2b3293fd624a8323b81af47a

SHA256
331b22e90d732f9ae644d12da63881c21c8d12cf0aaad44dc7e2067fd4d18e87

SHA512
821b2999d5686a16d9d86e6da83c6ffcf3787cd4f25bc495a04a8b54df64fafe446a2dc1a2f5787299eea1d722a899b052a8a39255a956e6e20fc118163f6503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
89797a8b0c3e2a05529cf3ce1fda0486

SHA1
2cc53f93a5640a8d9edcc77c122ceac00b524e19

SHA256
8d1e94bf2193f354b95b76f88eb6dcbb1cde7aa354d9fa9130de5ea1498748b9

SHA512
cdb9b7af409f953caeb81c93e28f0d2c20f92d567781ecf7a16ae063e2a4487b4eceb738af9a59f7d34840ef6d4367b2329ffe0e158531a98f125801ae04e618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
410331cc6553ff6e01b923be79129ef5

SHA1
10f18b8eeb95aff115870c929585b5db612da03b

SHA256
2e6f734430ba491a9b0fa4a6388a51fcf2569632759aa68f022b6cebaab41ff4

SHA512
9d41bb7d4dabaa081abf31d764d64ad0a0627a1726b9b2034f3d450f24aebd59aa1c097ffdf86876efe971220eb3a558c91feb1aa8a92040ee294c9903a2d935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ac65ce53fa63fdd2e78952724c9e37e5

SHA1
17d9328e5734fc40a27ee7510c377c8f8eb83018

SHA256
ace83caf9512ae13d064f9ef5bc8d3c4210353f22b0e20d9f61548e4d328604d

SHA512
13756a30b8fcea24e79d583ddc82cf9bea3481b89fd8fb154ebacd2234308189df5690f50a7ce7704c73625929700f687351a1df56c40c869c0963473861d2c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
16ee218fdf889f644454048bcfab321a

SHA1
7ce2998e183545f110ac4dd0e93a6d5718cf64c6

SHA256
7979a69d5f0fd22a0f703bb1c7166744db4c97612e5113baac8de7c524670f25

SHA512
a7a71a1cea81557aaf2757bf358b4f8646bf2145b4c674a4b4e88c1f4d7b00e69edb9dac1f936f21492a954868c89167cde99ab034e3348ef1074dedba0c83b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b2f4e2010104f980850f3e13bd65808

SHA1
1771ba8c4d005e80bc8dab93f14eb7ab083e1069

SHA256
4c74bad00b58e0f8a060b594a23b1be1e809501f1d6570b5315368c80fb53aa2

SHA512
b5a9f9290f7d6286eccbe5090e35551104033cffb9366275b0e165ea0e6284b30276596a5e1273cef0109be457223dfe197727a93d05d1b15e485c5d042ff223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4a7b6024e6ab13073ccba31b50d1d5f3

SHA1
d6eed9cc954668b365e281f79d7ed211d876c7d3

SHA256
e7b2e969adbbcf83f59cea19b7b571ed710d357c4c1d243741625d334ce8e786

SHA512
57d0df009f8a4625718286eaf216e44c18feceeb688f995046930114c963120de4addfe46a75660107a7ae0b822b3b6ddaa5e5383dd251db19b4a1ba7023c3df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4943fecd5accdd63c1ad155891dd6213

SHA1
d28d62c069551006799f2181351f609890a2055b

SHA256
ceaa39718be7946bc52cf92b9ad640a6d1b145ceda5667a6ce2e2573c44c0f56

SHA512
c4305067c0512390290a0724494bd189665bd94969852c8a1f37142e4870975c1732e7f6c4fb42c590a9dadc23d31fca2ae49c4c5121e70a42bab7e11c252cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c0537ff62306cdd5608e7062ca96808

SHA1
2097b7badad8b7148150def4fecd1accdfb08e8a

SHA256
3bc519678a0355f885509f4b1bcfcaf4807a6cc1b22553c69603ea86fd372e55

SHA512
1a0beebca002801813ba27bc4928a083c34ec2591383565c33c042f0774ed342b07969f2b17776024ea98e5584eda15fb1d0044cbf36b42909798d7590a5d566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
cdd137f98af7fa076b0127b04fd84305

SHA1
a90f436ac2e6d99affacfb18959bca429c3aa79f

SHA256
2d839c7a1a7d83fe719dbdc80fd5f9159646773ecc1389b098154b4b23e1526e

SHA512
6a3dce3fbcb3bef989dbea759a74a59a9392ef0551130333e3196c8c9b451198124338b3fce1ef44b1ed20df9544cc6b2317ca3b41842822f620ad2afefec77a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
e41c105968e4b1f09e9c7a18ed9c6e68

SHA1
0425106898e810be70b2b280ade15e546d693ff8

SHA256
b75140a01424fb0c5e3e54d8a4bfb1740bd92e63405a4422827702064a565465

SHA512
efe38b12b2476265694d8256caf5d4c527a033cf1348eec86d32ea3a40dbd2d309820ae7473dd5b6d6e537f700c9b8e4152df3151e745544642dca4f2a72fd29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
fb1a1344276ab2affbbd2bae2d203ad8

SHA1
1a8518ae40283f91198c2d22409e6f1fd19d7e2f

SHA256
2fe52127806e0f4711fd22f31869457210b8a199a7f6529f90ce952e238c5ac2

SHA512
ede98ecd8f18f9b90b732ffead9b65352416b1314a48e978cdc115413e2ff145aeab64790bc301be55818beaf94f626ca19c15a166ef873795050e650582973b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5813b2.TMP

Filesize
88KB

MD5
7510b8ea21af1f9673082c63d483206a

SHA1
0afa5031608a980c29103eb29c6099ebbd3ac22c

SHA256
3d574fba59a9d679ca23bb705308223dd698756937d57aa19f2d23b6570b4b2f

SHA512
b9cbbb806b698a5643d683b051e464399be7c12828eaaf74053ccd605e50988ed2419ec74de59b1411a24bdc174eb53edc6b19d9be3cbc577c4b57e3f225e08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit