20656fb66b0629c323be0f5a94ccbcdc7ba7fe8d14c6a11f90de18819cfc48b0

max time kernel
1799s
max time network
1697s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23/04/2024, 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Elmo.jpg
Size

5KB
MD5

a6564d72511a7a126fca09696f55dda7
SHA1

afe5009a79b718a57f7b47295bc2dbaf15f15b6d
SHA256

20656fb66b0629c323be0f5a94ccbcdc7ba7fe8d14c6a11f90de18819cfc48b0
SHA512

bb484a1c1283676583fa04539b77cf5735e45b60ba13e8911a7da417159475cf2b70f2cad7ef2ea7b65067b715ac1bc9c57f2169659da3831e4c32f58f504b0a
SSDEEP

96:nBxQRQwdVJHiRfc3E1yU38aUuurzdm2l492S8VlrRV1TfHUniBTF4Tb42UvMmcUd:BWDCRoE1zUhL492FTVhsn0u2kM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583663886244103"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2740	chrome.exe
2740	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe
Token: SeShutdownPrivilege	2052	chrome.exe
Token: SeCreatePagefilePrivilege	2052	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1680	2052	chrome.exe	86
PID 2052 wrote to memory of 1680	2052	chrome.exe	86
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 2988	2052	chrome.exe	87
PID 2052 wrote to memory of 4528	2052	chrome.exe	88
PID 2052 wrote to memory of 4528	2052	chrome.exe	88
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89
PID 2052 wrote to memory of 3924	2052	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Elmo.jpg
1⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe4ebfab58,0x7ffe4ebfab68,0x7ffe4ebfab78
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:2
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4232 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4412 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3840 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1348 --field-trial-handle=1832,i,5234627857806256307,6337046049252330081,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3a897a0bf91d6130da7956345a651061

SHA1
b363c603d80fe5e79b66400675ecc3c83ddaee1b

SHA256
69fae9a70d56a969780522c333fc4a8ff201b18242c743a9ab57f2160a7e8ffa

SHA512
d45064be136dbfb68c97b8796d723310573b040b1560072e43dca57828b82d5377ae50fd8ac2753e0bc5c2437fc05a6a25567e0fa68ef173ab0115419e2cdd3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dbc20a0238dcaa70cd030a51c60d605b

SHA1
601c2b5df44e46fbeb64087d37884be8857e60f4

SHA256
813666c21e5620ea0caeccd56dbcd275883cac43943e638c672644c77d82720b

SHA512
16b46305d959fef3be967d8ffa8c5372bfc844dda6d20c2585d901064c80098c43b4b4d7eeffcec127636605f3297e8b8c91acdbabd9a80bdfa03d969ff9f1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4e6ba42c8224e7d9fc865dcb2f2f373a

SHA1
f024c1aac48d388b18c5ebd61078ea2e7cba2075

SHA256
0ce5dd07369312f065886de61b42556096da08752175e05baf768347cf0d516d

SHA512
a3a1c92fd40b5a6200a1f897f43a54a8ae0aef2db9de4da7f6eb546efaae3c677f8348b36b3a937f7582e9e9854c0def396a523ada2fceb320164133e0d22d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
91c7586b751d5280dd01a1f7f3b6ca50

SHA1
e95102c828ce0eeda88c0d5017b67210c6c76397

SHA256
aaa656cebd3167c89f6d80a86ee77a85faa197f2bf3af4b29c0bb82c3331ee88

SHA512
8a9193d68fbece2d3a12868a70f66b118474af5c6d13774e97ed823c9e8f024b979d0e69aef9ef41f29482269b9dcf094354b0ff90ff1bf514813af416619d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
029d7e23bd22c7eb513a97a55cea53b0

SHA1
236a34c7bc2d78ec4bb88a01f827b8f5ec5a937b

SHA256
2420dd58a81466b21c92a863f7d4e2987318c2fdee74b45f515df08025de9b5e

SHA512
be59d66c501917bf61b1dd05ff1cedacea662ef92dafe68b96670d91b5522b1f06da56e3a2179dfbf157142485203531ccb8659d0958cc3f052179be0c2f15ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
887d8c3c3d2262d9a7553abb449a8522

SHA1
5da21e4b8ba694af0294106fd346a61716564d27

SHA256
61a3722137381a5dedbc411dbf6082cf2e36034991fb49b8fe0567069662409d

SHA512
7b986a0691e19baf054b2ed1589db037993fbbf41bfbfcc46565259f278ad9c5dec63c22aae989f4879cc668d065950501432c9fd03612d6f7b0eac024ab7841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
615124d5b0b1245ac9e6a929c12a94aa

SHA1
a19bdefc7be16699d424e56e3635e60a3d356934

SHA256
9e5d8bfe1a63f1d413ad6b439c01f05990ce53aa7677187675ac0e5ecebb64a5

SHA512
4e62e4106447e514ae1f4b7a075a34939b2281140d4dfa071436fdac4d68f1a2dd982ed83e284363fb13ae661cdd37612e95eee3f786024bd4f29d9af4795483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
419a8ab625f0aecf5579df23c520079b

SHA1
787d9c8e15c34308f3984bb5164def5e35c89849

SHA256
ab8c2c8985b9a018fab8e43828f88ad97dda7a33f5846ebc037dc6d4f32122b4

SHA512
6c3d6435a08e04d6e8496fc662af946201a50906dc49f57ab48f7fc0922ed486159b00a1a635c9398e1bd1199f727c4a9e71f361b43b862181ac129e2abee1f9

Download Submit