hxxps://zws[.]im/%F3%A0%81%B4%F3%A0%81%A5%F3%A0%81%A4%F3%A0%81%AD%F3%A0%81%A2%F3%A0%81%BA%F3%A0%81%A9

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zws.im/%F3%A0%81%B4%F3%A0%81%A5%F3%A0%81%A4%F3%A0%81%AD%F3%A0%81%A2%F3%A0%81%BA%F3%A0%81%A9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536304911179403"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-609813121-2907144057-1731107329-1000\{DD5C3623-AA46-4C16-AC97-572ABEB49517}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2364	chrome.exe
2364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe
Token: SeShutdownPrivilege	2500	chrome.exe
Token: SeCreatePagefilePrivilege	2500	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 4840	2500	chrome.exe	32
PID 2500 wrote to memory of 4840	2500	chrome.exe	32
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2688	2500	chrome.exe	89
PID 2500 wrote to memory of 2676	2500	chrome.exe	90
PID 2500 wrote to memory of 2676	2500	chrome.exe	90
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91
PID 2500 wrote to memory of 1112	2500	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://zws.im/%F3%A0%81%B4%F3%A0%81%A5%F3%A0%81%A4%F3%A0%81%AD%F3%A0%81%A2%F3%A0%81%BA%F3%A0%81%A9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbcd09758,0x7ffcbcd09768,0x7ffcbcd09778
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:2
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4812 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5140 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5264 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4012 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5708 --field-trial-handle=1892,i,12477718665100305300,9762892068114476310,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2364

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
de5bce1e7b5388f7fceb9da385c47fbf

SHA1
20a35f21a4bf5a1b2337e4124fd499eb8c0afdd9

SHA256
69512eb87c7b363ee223b7471fae116000e6a674b3f2feb103c7db1ef0b9e71e

SHA512
41b123c20b205b1501539a406bc44ac3116eee18cde76b96037b67b29d191786c5728192b1684bdc85da8197b793960de9e18af2810d6bad290ddda8ca04d761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\71488458-9935-4c91-bd07-37d3fda98b79.tmp

Filesize
871B

MD5
47e68e7da7c046ee54efb184a18f13b1

SHA1
c180c3489e4870889deb1844363cc8e11ea21df1

SHA256
dd462e4f32842ccb21cd17e87ff253226ab294c0cde48a6852d6e0cbbaed352c

SHA512
d12c8474c48a8bec0a309a47b68efc0eb5fcc413690a65f858179cdfa447c5d718979e3dc00f3331da19f63f8a9ab6faaa5df7d3435b24329e3c89e5fabacaf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
df4241c644d2e2157898dcd3259fd865

SHA1
b4587a6bd60a3ee3d0a0c79103d230aa4a1ccd24

SHA256
ba687e06009f995671336e643bde0e6cd5e58fef79ff67cb744d118e64d107f1

SHA512
3c79c75c8808d5accd45077be72b66d6fd14208900351f010599d1c7452a77cfca01623e5929b8f2d7090d3d69f6cd0e8098225172f829397fee0278881c88ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
357dafc94fe09621c49da8e636644511

SHA1
954657dbc7edd4fbeb9acb54b45556ed4f577ad5

SHA256
4a94af07a351f3f1abcbc648f09f4566bef5b6a6ecd29f4b36f968b86ecaf175

SHA512
085ce548c4012dd55571ddcdc039554b55470976f543fc676ec9c894cd3968253f04a8949622452f1b678f5fb6ec051ab2f8179e24dabe3ef012d76758aac369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
e2a9685d26be2d88c95578d77bb0c74e

SHA1
f9e75c9f2780e547e90894bc4e0931f094d30e81

SHA256
f67ddcd30f4c66e1310b30f948090486196d89754aca398f2892ddca44f7bce9

SHA512
374fbfafd3e2742f21f129e5999142eeba8d3d4bde007665662d3471e20c8ce8ce6fff97f40f3ee8d4eb6c52b6584929487f602fc066c03f59eb5ae04e963043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
a49f0c3a6c0d9c9c2ab98be061f28a97

SHA1
bf55f31734726ec193cd9aa1a69f4f1893c61720

SHA256
2e9e9b46a8a6a7aa529c1a97d2a4414d47ee1be86b4787c7394cde81101c3cef

SHA512
3e57af6aa4285c883b1c6d5112da97b9942badd3821367640a83a691d7c595f579748a3798213a7ca3fffd46042d6aa21b4d1cdc5f266cdf2bf4ed890aa9d090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
871B

MD5
5450650fead1aa787758a9731687ead3

SHA1
9602b6e8b7b538d631f879753d8a4f5cbc1a823e

SHA256
6d51fc88e8f80fade8fe534c39c805eb3c6811cb8578035277f55ab38eef8270

SHA512
1351966f777268125002ca5a24e7067751c16615091e5b84f2a9fef457617fe4bc21c27bae6c7e4a91e44ef2f78dea08f66a444d38f8ce75ac2c8cecc0f10be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3935dd25818693d87adc499bafaf184

SHA1
20c79f301917f416ba285967205db9ec0924fd24

SHA256
5a7de52f59ffe3f186599eef2081a54f314393dd1e945031f299d68c8a649919

SHA512
eb663746922d3d252e71744aa59cc07832a570dc01995de5808401939ef0d0eb047288409516df30d7b9f0fb2cba42054b162761a79d43a92a89f6c92f39e781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
de4e6f46c2d18c8e8c9e5d52b3e6dd8e

SHA1
fa985905623447d26895306cea0b5757d5dcdcff

SHA256
52f2fcd7456ace7ddd077c314f1f356684dde49e142056209f8469182e314737

SHA512
c07fc4e12ab6609d141710b08d0ccf8c00c818c600e7721e8ba07f7641b30762e9476b4f1434ce73a1033a6cba4bc2b4cec0862fda30b9432e86afe5060de0ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
51c78a7f0dd2cef5cb9b14f33b9cbc20

SHA1
823bc28558e06dce74d8cf5459083ceb0feabfec

SHA256
5ac4c1c132bc165780336f8a13cff9caffca54a8c427c758f71fc9acdb88024d

SHA512
26c56d03e5a9398ca6eda0cbe8575056f3d656bef8c22cbdbc80a30f28fdbd07fcd05cec72b8ac22c496d7a424679538ee6a6e7cf4683caab26446f1a85b3b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
116bd39318faa5d08e1fed506f054034

SHA1
012762b49605c904ece6363dbf8a27eeebce52c1

SHA256
78883cef315121ee34bf543ba21d524c73c7eb4271eafca7ddf8391884baf5fb

SHA512
8e2699dd8d2b09905a66ebaa86b3c97797596b4da0fa54ee7e570831c51a645a370ea89ddc9c3db68d92724c7ce215ca9b36f2f518119e265b33e3789e5f1259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
b01b03849c9701b324009e38afc5253c

SHA1
4cde15a67c8d558afd01d260a30034639521ff78

SHA256
ae9d9460fe6991d41f1d040912e121b6def57360e66055e7af846c7bb00209ec

SHA512
11af268d5f2f8e97ec8c74b67bcf734c38bb0b9bd201fb05321ea0020963674c5f5742e4093df03ea443f260037a1d1c0313d9a846e41e44d28d8f3c7e8d446a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit