4756b0df0279c72945b8458636ef48a10a120ca0c5aa888acf380bf5df5a3f13

Resubmissions

07/05/2024, 12:58

240507-p7s6zsbc57 3

30/04/2024, 13:18

30/04/2024, 12:58

30/04/2024, 12:55

29/04/2024, 12:08

Analysis

max time kernel
150s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29/04/2024, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-04-29 14.08.01.png
Size

193KB
MD5

c878a00682bede49df94e06e07db447f
SHA1

3d2c0e0abdd723598b036abf7b884a2e5f643b56
SHA256

4756b0df0279c72945b8458636ef48a10a120ca0c5aa888acf380bf5df5a3f13
SHA512

b04a31e781e8e50332f01c9f648ecd3e5448488a37dfc51a69c6c34f970d00cae375bb0217cca3d0d356dcece0c84c909680275ee3cdcb7880e5d0da3cfab196
SSDEEP

6144:2fn+ThcZbvN2X0M/nbj2lEL2ZSzCwjGUZ0/l8:2P+GZjMzbj2G3eLXG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588662482776169"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
216	chrome.exe
216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe
Token: SeShutdownPrivilege	216	chrome.exe
Token: SeCreatePagefilePrivilege	216	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 3348	216	chrome.exe	76
PID 216 wrote to memory of 3348	216	chrome.exe	76
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 960	216	chrome.exe	78
PID 216 wrote to memory of 1452	216	chrome.exe	79
PID 216 wrote to memory of 1452	216	chrome.exe	79
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80
PID 216 wrote to memory of 4172	216	chrome.exe	80

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-04-29 14.08.01.png"
1⤵
PID:600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffdad7f9758,0x7ffdad7f9768,0x7ffdad7f9778
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:2
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5088 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5016 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1644,i,17313517499365047356,17181229107988593935,131072 /prefetch:8
  2⤵
  PID:3664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2b24b814a469bc5c33e546d15bb62bab

SHA1
07cc57fe0adb7c965f0c8cfc4ebea088b0513a57

SHA256
5df7c7889e7b67df609351fb0d3f808c0db61b81938a283cc998edbbe615fe3d

SHA512
a1a01a3e47a3e6e8f3981be03dc21bb49b19b667b987f0c33ca012763a9d54e81042ba0cd1caa0845f8f6ab5bd37a05cc865fbd00080402a8a6fe6d1b2362175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
83444403043c3454fbaf42b6f23817a3

SHA1
ff40265f3c64b77d3eb239017c60e8a117519eeb

SHA256
de6ba92f332cfd40a422315263e45224620fa2d94c5b0752b1dbe1e917f54835

SHA512
1369741e835f918d4987ebf4d6a9d137fdcdfbcd3f60fbdd1620dafdf2b6024016b5c5579fd8530361605a8920d5f9cf0acd660b006e80eecf65f83afae9bb4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0d6500cbbb5a03bae05e2fd9084bbd66

SHA1
df4f4fe00b9b4f599d20820543d8392d25ac112f

SHA256
632eb8d9a8c00aae99c70dd2bfe1c5a3c63ba3026315e4d452cfb56c9bbec529

SHA512
920d11be9490c7071232f9ec9c51ce6af40a7499749b0fec040601867bd46eab09f3ca4a6f86237e6d3b1852cdff69a63f7f8abf72f61d1f17f13d515df6d76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1be3298fcc5782c93a644dff85fb35dd

SHA1
5c4de7befbbe2bf4d2aacc921f7f86f499eae45e

SHA256
897dbf60a7bd156a5f98ac2a68efe7c6dfadf9404678bbae0bfe8e3342706bf5

SHA512
6cb29d4f2be9dfd6ecbbff93b0014a3bdd27168d8625ce4a9ecda48489cbbd53359f3790858324a32390d958ff461f0ad533c011bdb1cfc01170065fa5258955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
864f189bae376f27a15caf2ccdc44053

SHA1
c6ea85b6a591633f0e7d68714f96c9d5ea46c208

SHA256
12f905c94b26686f10e995a170083264b2e46929f04d4c860e55e2f87ef976f9

SHA512
2af440c816ede374421512f42c68704de130de7e5b26c8ddcafd8cfb5dd55bb8c92437aa2044d0c334981e5b8d6f2fb78cd04dba74a414441b28064f46cdd69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4962410276d8abbe8be1453cea848024

SHA1
83eecc97e3667c97fefbdaa3d037184a2fddcdde

SHA256
ab7eae870cfb1e5d5f11d6bd3825961d2b85a83617829de6a8f07040127f5465

SHA512
b0a33212a1ae53407ebe787ad11164227a61b65cc48cfa1378c6675be7eabf583812f3bcd1977f1c1802f07c1b15bfd4e6b2660c25745b54e3a6b1bde3428757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e7cf9e412c577e07b21d2ccbe870fd1b

SHA1
f7692a263d973383949c42b88f6c97ffd1d2102e

SHA256
52c7a14bba71676526c98efd6dbdcf6612b022130a9fc128b1024ec06b4517aa

SHA512
3b1f049a942700ee7c042f0ae73ae4a2faf7bacb52ce23ffa98d86ae98c3a30ba362ced4bb02d9ac5aabac7cb8ad5ea8596c1319db2a1aa4c3c2279668fab1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
44ab55d9cb71abb08dc8ffc5066a9681

SHA1
7a5f41c2556cdd752f9f12d1f71c1eca9f068f23

SHA256
38e1fd8cb2de1b049877b4ea97d57396494d20700e2fc582f59317f7543a87c7

SHA512
959f003a62ed47dbf29a5522e87f06258f7a7343964aac3d67de2a060c25853235d59d99d1028dc373f9642ecce044128d4dabb29191be7a16af08c2ffe26a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a70d5f34d8e4c38d13ae53916a832c01

SHA1
8d1520916d6c83ea4fcaa4677a157b92c0d29479

SHA256
8a155026aaf5d73671a102f685d078826846737638073d0ccb373bbd835feb10

SHA512
4920daa91e53b097551316ca431602f6696c547c7500ddba92d06ed7bbad3fcb867dbc7a7c41289c549e4e52cccbb953b36bccd5841a11bcd5f8b5a92c24b077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dbceb7cb10cd29dd4ca3b0fdfa6a4168

SHA1
0a8edb3a6912ad3c8dd8bce6cb6b7d7c3769b881

SHA256
15a2f00e0f961461df22276f3bcd2e97b765caf49249966ba946585aa5a4cd7f

SHA512
52d7b413a44387930418e1829a97fefdc3b0d78dff59865c0e2c99facb1e0f86d39ef479372b6f31fa1a80eb9d0a5cb2ef4fb19cc7f1ab7b90b9248445b10e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
65c1c09f39b65f0bb3d58ffbd11e5c7f

SHA1
5c7b80283386bd307daf775eee064d128e735d3f

SHA256
cfcc7600824721855a1975746510973558da5eb36e55a090b021f32642298167

SHA512
ca898f847112d0ec363abeac0ed7e11d5f5002c46c31753c407f13db434e1dd76e7282299affaea94292014450db71738fb85c08d560e4989433026a8614a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb743732c9c8d112fa7dace55366b527

SHA1
146f803c8057752b124dd5c44eea9a8e4d706553

SHA256
b574a995e80410988fcc150c5330a07f3ffc0c251b4e8f1f1acf07144d745fb0

SHA512
2079f9366775acc0a99004b785f274568f8f4f7ab10cdbbec023e59e5a1cd17363305664fb528c725ff255fe013223b1789a38bd6397fc80447dc1ca122d249b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e4c7b19affbb30d5b7d96698a86f78f2

SHA1
75d695ed5e27e6cb929893c7e31fffde46be2e1e

SHA256
979bd3587cfcf0cb670d7bdfdb17b6a6b85613f085d17608ed1bc382bbfbddd4

SHA512
e069a1d2f04de36878dd38bd981922e356e2837650ccea8e376835f46bb344bc98263ceb78b7e232c575a1efb9755638fc7d5b6628faae0cd017c1c8f8b6af86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
24ecda0496f13cf6444204983b74cf6e

SHA1
f5aa125dacf02202fb1205bfef8400d89375d9b1

SHA256
a73ff46db63546198e67aafa6955a9a1f957d06d71d5d7252fbfd2d503dddf29

SHA512
13d01d823bfef0d8099b1ca0fdd75fc1505b89bba481f80c16e05cef604cbf4ccac50f5ac3cc5e8473c2b76ecbe11239a19ef745d9846d657f700c5f03cf6a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
b404fe907b37ae5ef457305380d901d2

SHA1
35aebad17ac781f5e2c0233874ebb9419d10e77e

SHA256
66d09fc367c8ee368cd09b60d695ce011bb29aad978c188596c7e881d4873bef

SHA512
f3d7c6c505516b50e86eb90238cd8526d65e11dc9f47ed1a9b6a1223a2cbc940b2342500881ee1b3bbb34ac54e34c3d94deeb68864532a99be1f7026e2dc3041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
3340e64e52aa3b349c7110da3ce76d1d

SHA1
87890fa2f5633a8ac0a0b4a24205bf046e33f835

SHA256
166425040bb58a65bf8d0e2e4fb470b5cd852e4bbb63377636965a2faa83b22d

SHA512
a8736af484b24939a0e431f2bcf342b0ea77ed024b919610d0b9ee65dcfea5a4d9f5e98be690b26baf5cff0a2847c38febe49a3e2cfae0a9f85f1276eec74afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
d45265a81b619e8f306ee0bdc591fe20

SHA1
ab9ad460c4aa548e12122fe199e2b551782fcd92

SHA256
d6ebb9554c85615b28c27e51b2c4119e04f122d91dd909c6cde9c80d3fc1e7af

SHA512
a24a4a2f84960dbda8557b14a9dcc06fedecf9ba16d70dd17827290d40642f47897fd361d656b2d568f4d99262e5878180dcdf04715efa9e0e7b68c569ef565f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5923e9.TMP

Filesize
98KB

MD5
2f15ce1c344ff136fe5c68192424e972

SHA1
23d28a7347c76f4584f5edafb7144fb0826e52e2

SHA256
8a231c60254f1162949ac0dfd41e08cd4826a19dcaf94f81c2c88a97538f4dfe

SHA512
a308a3310db83b8acd95254747060c261836ba420ca892417c3d753846e7225387594f70a16120769e5ecf86068694c4de4fa33537b8f891b6a33b0646c16644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit