hxxps://forix[.]agency/website-redesign/?utm_source=Forix_EmailTool&utm_medium=Email&utm_campaign=CustomPNWRedesign2partcampaign&utm_id=WYIBQ45SJkph8890&utm_term=wJF1PLbX2q553853&utm_content=QPQG6ueabWRvf281

Analysis

max time kernel
149s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25/04/2024, 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://forix.agency/website-redesign/?utm_source=Forix_EmailTool&utm_medium=Email&utm_campaign=CustomPNWRedesign2partcampaign&utm_id=WYIBQ45SJkph8890&utm_term=wJF1PLbX2q553853&utm_content=QPQG6ueabWRvf281

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585377893090647"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
3028	chrome.exe
3028	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 2380	4084	chrome.exe	79
PID 4084 wrote to memory of 2380	4084	chrome.exe	79
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 4908	4084	chrome.exe	81
PID 4084 wrote to memory of 760	4084	chrome.exe	82
PID 4084 wrote to memory of 760	4084	chrome.exe	82
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83
PID 4084 wrote to memory of 3916	4084	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://forix.agency/website-redesign/?utm_source=Forix_EmailTool&utm_medium=Email&utm_campaign=CustomPNWRedesign2partcampaign&utm_id=WYIBQ45SJkph8890&utm_term=wJF1PLbX2q553853&utm_content=QPQG6ueabWRvf281
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd83a6ab58,0x7ffd83a6ab68,0x7ffd83a6ab78
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:2
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3916 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4288 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2688 --field-trial-handle=1808,i,11428547703188205471,13447694251847180667,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x000000000000047C
1⤵
PID:4868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
1024KB

MD5
6c6f8aea8fe28c6d7643bbb4d6ede84f

SHA1
19c339faccc9bbf99d01cb090b68ea19d6d3caf7

SHA256
e6aa2fc91054e719dd6744b0531effd11939354cb3b83ad23172054545c94189

SHA512
1e6193302610bc74bdea33771beefdc285bf72ae81b9b0320b50f594d50f83638f79b71984ebd614db6e1819d7e0aa745f1dc48b4598d1408e27e71474a32bc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
7579f5d92a02f73570ed648d9d19831c

SHA1
20e44d6463c70dac62abe6099809a15d20ff33f7

SHA256
79a712e278c3b50b49ef52687b5e6678758dbed4804feb14b53816ee9be92b52

SHA512
7d02f13ddf216b4638e942f0c23aa06edbdfdb0ddb963e2eca771a6fa028a49da50bd43992a96294119b6db7e154c69ba015990e7fec4698666d08c89f5ab5ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7e754ffb-bbea-4ef0-b230-82d0b72d2ffe.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5339b7e1a936f7e02cc3db519901b52c

SHA1
ed67edaa20d0af6d785273ae210ce0d0d22dbf15

SHA256
7adbd3c887972722811b6d92239501af671bf155ea73b96102c32695bd57c6ff

SHA512
61ba71863a767d3da4ed359e67a809641e897ce4d768c3fbf4efa8995a42902972307e61d901ce933f062243d2b905921f69f62ebff039a0f45e41017c8de91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b7f50c76c22f944db445c9e6dba87571

SHA1
800fc25c5a7201eca6cca1c0d720fdf422933425

SHA256
8002e0798e834ca769fb605480fa83ce9ec6eaa102035415602ef1ff68b70551

SHA512
4042ad2fb2508d2b1856d20ecfe27a4412a18b49e24e977a8307e2d0452a4c40bab6685a3489c6455af796c91377c883341ac81a440ea661415ec9c2bfde8e3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9816f6b8607f04bf7f0558e5f9e25a1f

SHA1
aa59db3e451d6072a059ef6f4c7b79e0229faa3e

SHA256
34ea671a2e2b64b24fec0214e35e0fd11bf2ca8050acd6db440a81b6b8376d8b

SHA512
cc5fe1234a9ea6f4ea67d40f985e77119919405cafedbca619ab17e8d0c16570f53c80dba059b911f30feb3069d5246f9c34461d13da063ab4cb430734421fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48fac5066aaad764ac915ce643982a33

SHA1
88c7fde28e771844cdb10e6e1da146de9b8bde0f

SHA256
c1ad9764158279ef7990c2eabdadbabd38bba530ce9c3c63e65b534245a62cfb

SHA512
75a23654f04e22b21039c095c08a03886993e8a52b782da7d1c3377cba33756e55e706c692c5f52350748494d3c24fe81aa63b40da3b9de17309c80719b51018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d46952815f62b07e013188f2eaf3c55f

SHA1
10db637c57e992661def772d2008cce477726f7c

SHA256
362ab056445643cd5ee9cc837b76496dd3a5b443279957ddfcf47485d21a79b1

SHA512
79b65643bd709cbea2564ef28a6d9e231dd8c706eaee18020d6ee1866787d3a04845c243f471c40011b146956ec4075e1bce647d69d2a485284c80a67c839c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fa96c895496875280615db97094df375

SHA1
b320e0b63ed4151f92859d6e92fc0485202bea3a

SHA256
404e4bd3026224c0aeb6a994241e3a41b7e2e64f7c9101728631b2f56aa11139

SHA512
cfcdf18a583dd2398fc37023b323205ae395022820eb0ef9f9ea7d1248c08257f267f4ee09537d0e7373c87c802ed4ba5a373eee0a9d1fd15e774088f394b1e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ced26ca26f6e42c28bd1f722a6a00d27

SHA1
d0499f0a66c06bd54e55ea4b81038b271cf07c0e

SHA256
1eb8e3fded2ef4a59235af1262e1f63f7bb6a17dda9ea4fe4d665ffcd4121233

SHA512
4ce48ac9bd7e39f275f77f627b31f1d828f3ea0de8faeaa49f0f84a77083fb962bcf2e415d65043a5bf18384967e2e2d92af32240a905de68dba821025470c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d56f5ebc-56c8-4cb3-9342-3495b3ca584b.tmp

Filesize
7KB

MD5
de3caf3867bda39e301259479fcf3e65

SHA1
263b001b25fa8fc30822535e1de44f48e1b0bc56

SHA256
1420fc61ea2466104aa2d2ce46e6cc58fa63fb7986ace8cff8378cc9e36807bc

SHA512
a5d4e0ebe654aef30ab556b1772e41c71838a8808356231fb01b9e40a3962ae2ee5f5834d6508d568708ebe6dcc442c026d3532a67b2b08478f4d9465e55dd33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
ae3073d858beba98b6bf06f330d942ab

SHA1
024fd619b70a42d194c83ac56cb4b518ecf8b78d

SHA256
eedc3f6529d01dd5d7751a4f21e02cbdb5cc702008ba162f77bb48563b9e359c

SHA512
9ed2765046402d42827b5488b567ffa234b859c8bc0b01c44ad21cd22dd84bdc5320051e7451e1f87d537dd88347c0800d502330add5f6d53e70b5de395d0b46

Download Submit