hxxps://github[.]com/rose-dll/Rose-Stealer hxxps://discord[.]com/api/webhooks/1211067200421756958/YBkvJVw2O-AzqkiK-49cNj_52d1L8ycWwHLc7ihQRgWwzCAL6UW1uNRW7lBjF6hM4izq

Analysis

max time kernel
1200s
max time network
1171s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2024 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/rose-dll/Rose-Stealer https://discord.com/api/webhooks/1211067200421756958/YBkvJVw2O-AzqkiK-49cNj_52d1L8ycWwHLc7ihQRgWwzCAL6UW1uNRW7lBjF6hM4izq

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
66	discord.com
67	discord.com
68	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533296121368277"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4004	chrome.exe
4004	chrome.exe
1952	chrome.exe
1952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe
Token: SeShutdownPrivilege	4004	chrome.exe
Token: SeCreatePagefilePrivilege	4004	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe
4004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 3468	4004	chrome.exe	57
PID 4004 wrote to memory of 3468	4004	chrome.exe	57
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 1720	4004	chrome.exe	90
PID 4004 wrote to memory of 4896	4004	chrome.exe	91
PID 4004 wrote to memory of 4896	4004	chrome.exe	91
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92
PID 4004 wrote to memory of 3196	4004	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/rose-dll/Rose-Stealer https://discord.com/api/webhooks/1211067200421756958/YBkvJVw2O-AzqkiK-49cNj_52d1L8ycWwHLc7ihQRgWwzCAL6UW1uNRW7lBjF6hM4izq
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ff389758,0x7ff9ff389768,0x7ff9ff389778
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:2
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4780 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5140 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5300 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2656 --field-trial-handle=1832,i,11532366668991502874,44863230542131604,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
824d4af25459acdf6e695170c477dc2d

SHA1
b78d0665c58c219fd2c8b620ed6bb20c7007f59a

SHA256
4211ed12888ce0a082a54a15cb5d39d2cdf92b5f6ab22aecd197d21f70b59391

SHA512
401b9ab95cd94b685a10ae2657a26f08c25f39cfade9053008696cc16838f17cd83d8f609dc569ccbd4fc406dfecc6ebcfd390bae04f2143902e1e38f5594b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4a9e580d96665fee30193e0d7614a865

SHA1
5bd11eb4a2ffdf12995be52a65c3c92918dbfbf2

SHA256
9bd46d5fda5c8b2e6ecfca42579753bd1fd56443d74c912bc43efd337f92c279

SHA512
3acdcc150d2042d5d4a129486b23e4278d671da659e171d022b634fa1d6b48746642c714f29a84cd3cfef65d4779258e6a7489733f0f78b067f578fe88dff828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b0c050cfb6c243ed22474af82bafe9af

SHA1
8ca2ee3e88fda13ab6d3066304b24228b8f01a21

SHA256
75600d2fe45a1129a875833bc7f44dc94bcdc141249c626444333e05a0079da2

SHA512
77d8185da8898d3a12839972f8036f9ee5441b590ba5b3acde50e32526b42d7446a78ad60552678be94d84e30a2e589dbfd161b4553bf3741c9eec26818a5555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f2258c97561ef952a5f97728cc619119

SHA1
bb5324a18dba4c288203bf301586b4029a66b97e

SHA256
30dac195fd43049bc242e3608eee271182c5a4c0928cc29b02e2c44b61ae0d7d

SHA512
aeb357fc3b3e0ce7f7602abeae171e7f24448432878bcc7125d15184bdc739f034ab60dd366f6d5afae96e5c79e7a1844bf0643580b4232d833e69c10d51024b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
53d4ba31f9c8b72fab97f07857b7b43b

SHA1
9bb520d0133807e0ba1b6aae8434cbb52bc26ae3

SHA256
bf169f352594370756b7adcaed63c81cdfb090a5884f342e66f99f689fea8156

SHA512
7a0b58b8060c47f2fde899f1287d48530714c33800180a21c4930db6eefd342ec1601bcdc53649d869e3cd3d228133e4587de14f361f5ec21a2cebe03d17e037

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d71f4ae9d1328dac640e50d316b1c97

SHA1
007882699689e7a23b4d1e1837bf0ee45010b1a3

SHA256
5a13a8ebb530182f10bdb2dcb24a300e63dac2aff260a640977cd7dfd38565c4

SHA512
f8e8858fc897b96991b820a2f7b75cb117c91e232eac5b37f31abe6ada4d9e4d631681b51bec9f76ae909ccb5f882d19aea51cddf752de6f2cfd556b8a7d7060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26ca851b6211da92c83a8a0469502f54

SHA1
4a557702eac2fb8da0ee57e2596d7ba3cf8cccd6

SHA256
45841b13dd8ad6f9d037c751f89999ff19b2255f942e52c195d2203664ac60f4

SHA512
212aa4f5c36c9b8a2173fbcdb582022f5639cf9730d76beb27fa227a3eed2d50803f2752faedacd386b95b5553afa66e926b5d97138b1bf03c8b53e3f302ac1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
04050c08eed4224b62c7fa13bd7093c6

SHA1
597ffa5d8ffc4c250829b4d68b2888a4736c407c

SHA256
52e217d9a9285b4c65c9a89ccb3714fcb8745f669c881ddce2d3f12cf07cd9ce

SHA512
25c96d817688aa6e0af233d63fc37ed5cb7d93bfe83ae64d487dbfe909a56457a78076c48e097c57e46010745b9c8944bba3107eb2467ae93c79a576bbf5c7ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3aee416de1e01a5f88847b3c2d278ae3

SHA1
4d954f46550b6f9da8ecdba03fd340999a423641

SHA256
e58a2cc07698bf5ccc855eeca0c989d84fe77b68d253fdfc46f9e8da33634402

SHA512
294c5e35638ae33d05d17b80e93464af9b0acd5344653d183f9301685076d8da729515862a2da1fda8c42c937ddea1fd6a7406cb648b8c0d1ab32f3279c8b1de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9951ebc56d03e31b1f494cdbd5c8d0b4

SHA1
25f2ea3b1c23ca3e1a336a42d26f3603a1a0e2eb

SHA256
55e1d8cad9db460a2e99e87f51e35b5df481799982cb7fd30ce3e797cfb9885d

SHA512
abfe58f051ef22d4c8156d6a3f8ccab53ae4326a2a297621cb500bf7b1b518f2edf1e1d002ecf8409e2abd4fb45baad9e43853865b7e2565c1344e4d76c9b863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c8e8e6e73402b9f7724ccacaff0c914a

SHA1
d98d44ab08f2374ac3b4b2d6faea2ff1e52bd1ee

SHA256
7d2f824653c29514fbcee60acb2914dbeb12e8d22f1340b25d3d7e3f4998a992

SHA512
67169318dcdcf20eb1c5c1600935252aaec898aa9faa4dfc6213ff670bc7155ae1a0d1f80ab5979d4950d8f9073144187079ae9ea35ea50a2bb2fc03695e0aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e057f45e7bc1ec6d824891b9e7c47aa2

SHA1
ace5f0a494174d363fba209e45e9c98db122d6b3

SHA256
516071908fba85f77faea5a88b3e1a2e548c9807bbb2e42c830e4007f3e45f93

SHA512
e814f1ca82e08c031c31587ee7627e0e1a4a35befdbb2a66694a1de94a95d63ce13cc30e12a27dd707d2cccf1dc9d0f49c7d63a1fdeb625fbbdec3ae2686031e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
16063bc717ea2b81d86f0e0302ef9430

SHA1
8f4af7dbcc921ebd9278a3f3f28aa32ae02aab7c

SHA256
7597f597c2e4ea8db8ae94a6a58c37bd5c058ba34503a079c7911fef2f0545af

SHA512
ca4095b11dd9d58588f248fa3d3c251650a404a42d9b1d071bcd7c2e89f2dc61a26551fe29d9199b8216aa9bada071e9901ac48373f01d0bf0244e222fbbd990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
9b9673073cabc1dee4cf213d63451b74

SHA1
505cb186b59d78e857bc3035308fa1152ed18203

SHA256
03116eeea64493112efe39cbe9f88b104537c3bb50a877dc79f6049007b4780b

SHA512
e732c7a29b66abeb27ceb6d468ece03be354f57508bc82a653d0d5b645ccd11182eaa959c6b5f6c4851e1efc23f9f0aea4f6b7c878ccb4c351b44642636bdc6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ab44.TMP

Filesize
98KB

MD5
c25a6b9f7f3f382f7099251e02988bbd

SHA1
50fe19e1ba192c702f34ca8c5c0b6c7bed15ead2

SHA256
f78dc2ae4644090814f2e09001e92bc10aa4f676be8351b191df9b8e72b7a6e4

SHA512
0ac3a227b95a041b531629b331db21f3ab0c781f8916936b772a02b4ef790faf6d6c8cff6dc697ded1ef369c19b97ed9342ece7fa52ae8d6a1a4c24dd597cbdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit