hxxps://cloud[.]letsignit[.]com/collect/bc/64a3eca954713a2794aca877?p=15JDtxBwHJpMT1yAQhXryALTLVB5yIdR6qtp7BCJsZxO4kQWpx1lPT-25HNf5J8q7iP0Zn5ZR6oKMW2Ie7s9hVukuWdcRCJoEzlCaBQIIvfc8T82sdV39vMJI3X7e0POkkBzaddh0ePQd9E1AcYPoVAlowWiPuPqt-EKXA6uYd8dRGZNOsLZpir8PhKm1DDpW8zEx8cL93NVdxORij8N2CSJApxltTuwvBH5qSHm1gM=

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cloud.letsignit.com/collect/bc/64a3eca954713a2794aca877?p=15JDtxBwHJpMT1yAQhXryALTLVB5yIdR6qtp7BCJsZxO4kQWpx1lPT-25HNf5J8q7iP0Zn5ZR6oKMW2Ie7s9hVukuWdcRCJoEzlCaBQIIvfc8T82sdV39vMJI3X7e0POkkBzaddh0ePQd9E1AcYPoVAlowWiPuPqt-EKXA6uYd8dRGZNOsLZpir8PhKm1DDpW8zEx8cL93NVdxORij8N2CSJApxltTuwvBH5qSHm1gM=

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591144925001905"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3916	chrome.exe
3916	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe
Token: SeShutdownPrivilege	3916	chrome.exe
Token: SeCreatePagefilePrivilege	3916	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe
3916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 1656	3916	chrome.exe	84
PID 3916 wrote to memory of 1656	3916	chrome.exe	84
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2036	3916	chrome.exe	85
PID 3916 wrote to memory of 2360	3916	chrome.exe	86
PID 3916 wrote to memory of 2360	3916	chrome.exe	86
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87
PID 3916 wrote to memory of 2756	3916	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cloud.letsignit.com/collect/bc/64a3eca954713a2794aca877?p=15JDtxBwHJpMT1yAQhXryALTLVB5yIdR6qtp7BCJsZxO4kQWpx1lPT-25HNf5J8q7iP0Zn5ZR6oKMW2Ie7s9hVukuWdcRCJoEzlCaBQIIvfc8T82sdV39vMJI3X7e0POkkBzaddh0ePQd9E1AcYPoVAlowWiPuPqt-EKXA6uYd8dRGZNOsLZpir8PhKm1DDpW8zEx8cL93NVdxORij8N2CSJApxltTuwvBH5qSHm1gM=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffabc4cc40,0x7fffabc4cc4c,0x7fffabc4cc58
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,10556256608923072861,14597568685355146618,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,10556256608923072861,14597568685355146618,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1852,i,10556256608923072861,14597568685355146618,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,10556256608923072861,14597568685355146618,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,10556256608923072861,14597568685355146618,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3140,i,10556256608923072861,14597568685355146618,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3440,i,10556256608923072861,14597568685355146618,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,10556256608923072861,14597568685355146618,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4372,i,10556256608923072861,14597568685355146618,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1008 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4420

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\318bcbe7-d1ed-4e1f-9b86-f4dbe5335c40.tmp

Filesize
9KB

MD5
453ab95611b9919e3177ff19368110c3

SHA1
faf5aaa22d60e89c2c2018a97004d3104524675c

SHA256
05bcc5cfb8dd0660fb545affc71da4117862877b86cabc1ca4b9c0cc3d816642

SHA512
2aa4a09794f14f91eabb4798f9a50c7d2494188760d3f9f5aa36b783c714d5e221e3a90c40a9213d34737b7ad4982a3fa0cdae139031c2edf3b6deb73bfb5f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f1c70cc9cbadefd3ad2c373d79d3c4a3

SHA1
8511c73e7a557f6c1799c39928b3a8765361783a

SHA256
b8552b45390f8418abcd644d28889c644cd6a1a9aa656bb99349872898e8cff4

SHA512
9462872db722d0d362a6955c77872b941b1d8d5ccd3db5c854fb77f7234a65932f9c0803c05fbbd4ad836ece5511749668855241368665231b191c76177faa75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ef0e4f29d2ecd9c9d996738a5ea79baf

SHA1
e6b9919cb664ba3b2304133c8d35c8bb655f0596

SHA256
641eb4c9b0556aebb8f91fd1c9ecb9aa865e8370f5e115a0828a320338d86696

SHA512
dc5b852ab9f9b1b39bd227dd79d7f724cf184d2ca5f8b012b9733740ed15dbe812aa331ca8c7f29c4aaeeb931101c91ad96ddd2354af45b2179839bdf532cdf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e44e113d4218811668de38da87a6f1e6

SHA1
61d3e829067e946a23f86e744d67cd8cc4a5d4d0

SHA256
6cecb7b0348bc277f342f29e2317dfe672f053061dc1aeb55e48529c945180f3

SHA512
026c5a55e7b17886ac963a1d90233d9efef8b57dbe4f518727f4dca02bf8cbadcc7d60ec58040c43099723ef419370e61a448ead0c5ecbcfd3d35e277599818d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
03acec8da2dea43ac1d81963385bb1a7

SHA1
53a5d2e6ce4adf420f7a275029f2ae25b39173c2

SHA256
ccc21c67890c984d6aa1225ff6e68d9e651e52ad0479bd89ebf0db305f0dbffa

SHA512
823f55c5916294f3b3b5d70c6cdd477947d5f22af2a404bc1f79070f55fa6cceab006b064917fa73cb29f81c9a83a2a848e7286d8e7d0f429e098f07752b6aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
14ae1a8709107cf2f22a5c01b72add77

SHA1
5ef63c6c1ed4633f6e1e5b8ffcff2a567415e28a

SHA256
9a84a19a0a978d25669786ff9646582e05cbb33937a6c1ce1a134c5d19bb5033

SHA512
67478a18d5651c65f0bb5c2f1164b78017bb4a022641deeb366d0312dfb81fd231e691f5e0023f0b1d73a129e400fe42f03d615718c5c674d93a4b1634058291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15483ef0f19fa80ca1195c887ea3d5d2

SHA1
d3b0410b171682e4d6890d50cb2e5e0a0c263d89

SHA256
aa25dd00f5652a96e4ab84b0242dbe1d3126e4abd0d4dbae53b162ab35119ba5

SHA512
8a50b6ffb37c6500e00213ece8b57d8c998e30061f11f367a5a24c001686c1960541436d1c3986b41068c1add2233b3711b154630f14a5aa71d1f31c5cc3bc3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e96b81c9471f3f3151a69d0c5f2fa413

SHA1
93bb4dc45f114fa60ddcf16c1dbceffdcb0d8622

SHA256
2dd170431d64b3428e8757d8ff65fa7f69746683e03b57eede0ef35b5b6d2562

SHA512
a8702b14c4b1e44c501661b4bae75ac7d9eed0f88f2c431c14230d5670bdc44be4233beb4e2d3feb0b90d09303a551635a026290ea22371544bc53a2a0842881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45f6fc2c052a130f87c78c65d3bb5389

SHA1
42ee95c7a1c0835d9a83d2da962f684e126e85e1

SHA256
e76d32182971c2a534c887a034f6503b574e300ac8240b0736629fcb9a7200e9

SHA512
7aecb9049c5c78df613d9a15f8289736c6eaf99157733eb9ec2e52f6e0c650da2fd41bbfcc746148d4531a20e693939a6d0cfbbb01da756f5c7386b5d4835b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
298905a82f01297a41a24031712e0d1b

SHA1
ced2e1d6a9f9abc584235ff837d93353441c8654

SHA256
ba2ea64dc2b50c030488c3ab83f36740c77f3ffbdd1f868399d89f1701ba6b79

SHA512
fbfd7fd3bcbeeb5922ee217976bafceec28412041fd0c6fdf51cc2746416e8f47ba76801a8218721fdefe104ea0547505fec47d93cfa75be166149640e4f91a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
75ebe07d9fc5c6f7ed8253f01d103690

SHA1
c6070a5a8091f80cfb9f21391c1386b946d3c73c

SHA256
c197c36a4a06af0960239601b08f28ad74c51893676ff7b0f0758f0803990848

SHA512
064cd29bcfebfb4cd5286c6bd4861e6773e467eb6e6238cd8b3da3207879a05e28703c5db30d63a37e0f0c1b772d3c7a910f7939d3b901da088dbfd2a1ad096d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
8bfd84a625779c37fc72052d82869538

SHA1
f6952a93b14da1fa4fc092ad42472ab501af14f9

SHA256
00be24adf913e8b2a35e10d047a8a2db72d1541eb660a225cddd9b9341280598

SHA512
8e4c4946f4d4009d0bd9619e4678d201e840f17f8d74e49a3f043816da434de95e79b93c9add3fa38e0ef2976df0984c770ff8567e2b7e8da6642623b6b982f7

Download Submit