hxxp://p20d[.]gt1obackky[.]loginlink2[.]site

Analysis

max time kernel
153s
max time network
155s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
15/03/2024, 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://p20d.gt1obackky.loginlink2.site

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133550197003998947"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4208	chrome.exe
4208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe
Token: SeShutdownPrivilege	4468	chrome.exe
Token: SeCreatePagefilePrivilege	4468	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 1480	4468	chrome.exe	73
PID 4468 wrote to memory of 1480	4468	chrome.exe	73
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 2256	4468	chrome.exe	75
PID 4468 wrote to memory of 4496	4468	chrome.exe	76
PID 4468 wrote to memory of 4496	4468	chrome.exe	76
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77
PID 4468 wrote to memory of 1504	4468	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://p20d.gt1obackky.loginlink2.site
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd59409758,0x7ffd59409768,0x7ffd59409778
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:2
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1340 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2656 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2792 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1496 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4800 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4844 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2784 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4956 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2652 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4540 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 --field-trial-handle=1784,i,1245798675372700996,3462262508318808402,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
b982ead6fc2aee14d01b1d41f38cbe8a

SHA1
e3783f6ade7afed94a3138ee77dd52dcaae89705

SHA256
e38aea14b96580e174e13d7b3236497c759613bd2bf874e263aa1b093efeea8e

SHA512
71621f55b6688dedb0d680f7289441088e0fc4be107b4981be8299f8f364ea09e79ea72d0c2989d68566638235ce6bbe128fb53dd1aac21a2d9f28ef46589be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
c96463c23ca3b65c0688e1424ef2e12a

SHA1
550ae3b4a20b369a0a9313be029afc75d1eb0982

SHA256
84ba3fdfebf84d7126b4dac291a03c7af05088fc86dced8f9c2443f4e754283a

SHA512
1eda8cdf9da8601252f6322696cb55d7fd459636f9a681a5e3d6aaba8076445135d216ee09a6a23e938baad2419721ee29cb45449446d50dfe65eeb216388236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e8f8bbf0875560b992755a5b87b54cf9

SHA1
e77edf0ab9caf9c459942cf700f2942b29098a48

SHA256
a35624e0bd759594d35d01bd23b352405c300dbc2b11492b674d499bf83f8797

SHA512
5ba097fe0dde00b856ec5269d77858cb2404cef1b9ac66ac69666fd46859c873e715a64450c0fc15e04b9c4f7fb622a10057341b4aa2fa6d3937cb1ed34314fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
589c6f0893e0edea3836f884c5272133

SHA1
e2c1e2205d4cfde12a6ad0eba3bf8a247451ac24

SHA256
b53ead041f0187ba7cd088602cbfcf2270478b2eb3509ca41d88581b4bf1a9d8

SHA512
501820ed19a892d6aaf399c3770e88e8987e287d6e210b1ccfc8d701aa02e9282b9fbfb0b5e2c68287549700de70a561cdb461e34de6f22170ed1ee0e24f9bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
5748d0d7551c1e21d0fc75f7d3fb4d68

SHA1
d25a5f1fcc06a422bfbd39318964a53027b2f8ea

SHA256
5ee3a441608c4cd63828c442b609787232364f750271c8441198769179735f17

SHA512
3a88c115e1c6fd560da8ee6b4aa877dd79d3f581bfd9900abc61b9e9539d06eee13b4ca5c02debd40d52f8900273ea1a5d506d6903324a2d54d38673cd732807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
084e688a3da7e084a77fb12dd0e946c9

SHA1
4184b9be9c74095a1bed552a4ed7ad5c942e01f4

SHA256
c0285c68206dd8f565a05af5a47939c51eccdb4599b28667252a5bcd0080cdf5

SHA512
3619a2e91ca80ab2e2e87733b6b2aee299b6c3a2f9a7ade1600963d515438d0764e50a8bef3bac27ec7db7c70a87ded51a74cd53f50a68323c6ec0249f5f3a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
56c6ccfb0225c5058b78d65e296ce927

SHA1
df5efd45ccd900a53182c1cd7bd952aec13f9584

SHA256
62495f6d8a1e69570b6fdc0960e97349cdceca705bbf47afed359d767f1af3d6

SHA512
aa264bb265e07c134909891e6e284e82eb2ba767f4df5028120b4b26a1d01dfd8c114113f969ab54611ae1a2ff6c1e6c52a28cff487d133508348af7ea1c6241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2f4047d4a23d9a03f9bd6d1f3ee61b05

SHA1
a5ab07395765d5e8bde8d05e048e0f6614385ea4

SHA256
b124f4708e5a4188df4a7fb9c66b02fe6af0f1ea67619f2e9d746a68ef0801d2

SHA512
d926c130b8b68bb2f5056052c2f93e3a72cbdd579364d551b08809f10ea40a7643ad9cdedb20522afb074917f930a0aac2ac02b7a2c6b494f4c99dc3d12e6b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e6d534a020d18d7e23e21a0f558e7767

SHA1
9eabbf5e1fedde11074c747a1acc9e223c98ad82

SHA256
b8bd93363b88d5d541628174c3d69ca7efe30669276b774952044ad2b5adda2e

SHA512
6f6d6a27dc90c6e1914c0cb8a98a2d9e00ee081ba309ba38a4eef6858f9e57c694a108437647265a7a61d7796829fadc1b4a31c401fbd4ee848ce7485fa92fb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit