hxxp://backdoormn[.]com

Resubmissions

23/05/2024, 07:35

240523-jetzxshf26 1

23/05/2024, 07:30

240523-jbwdkshe32 1

Analysis

max time kernel
149s
max time network
139s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23/05/2024, 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://backdoormn.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609230255916576"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 4112	1716	chrome.exe	72
PID 1716 wrote to memory of 4112	1716	chrome.exe	72
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 4480	1716	chrome.exe	74
PID 1716 wrote to memory of 1520	1716	chrome.exe	75
PID 1716 wrote to memory of 1520	1716	chrome.exe	75
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76
PID 1716 wrote to memory of 4020	1716	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://backdoormn.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe30759758,0x7ffe30759768,0x7ffe30759778
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1708 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2716 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:1
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2732 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4364 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5184 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4952 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4468 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2524 --field-trial-handle=1812,i,12866677784509295374,3910596573990727123,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
314d02105e79736c0de5866be88bdd7f

SHA1
eed08a986dcfdeb5bce6faf3c317fefc25f5af02

SHA256
374973f2168f55ea91eae7c631467e71775899a84781d343ea254fcf6a358745

SHA512
37e5bd269ff5537f2b9f14ec32bd3c53bf3f8ffa5b070bafa336365be8234c50bf437d5e9c314dbe7cf178f272711ac71d904d71d71819fc9313877b9b19e891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f1b34ccdf1895d477c52eda885f627b4

SHA1
dc946827a1f32e730c549a380cc3b5e7fd866a48

SHA256
15d8d46f9d46e6052e0b61b10e0d3e533869b6a9f9afd34df2d25e74398e350e

SHA512
1d179bf6a64e33187fdbf25328cf8bc17ad8aa2b14ed4ad69d85cbcce4f7866fa5e3d5530e4dbf9af1d475f103b87c5350d904bde02e41d4f31e12e0df79751f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
6be7b2e0e6b7b255410cf84f19ba7d3f

SHA1
81baa0330803132c7a6e1be1f850dfef224f6389

SHA256
b73840b08f78d47215f9619a07f313f673510895da4a30f68b55365b401ba106

SHA512
7e6e950c2f0996a02d722471fc0056b1c692099e427b7d61fb3ae9d3239dd99c17c2328aafc2b94308ef881b7a39b9fc573cd4d327ec4c6c12d7673da3ef8477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
95605a90027ddc7a622e516a87e59365

SHA1
a345f5661378383f381f7fef61a692ea653e127e

SHA256
16c0a77d7819cf00aac425557787296f120b5e6753e80ddac79def8a4047804d

SHA512
db5b149b32af3700e62b22c4eb48beeeafa47f67db34d8fd40c0a705ae1cd5cc7ef92eb8dcca5cf8a9ef9d3c21a7d92ce0f734bff7d771533e675f148ae1183d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d03b821bf8852310f4a35aa551f5dc64

SHA1
d036adc2c3c17a22cb4d6e15da7e4d236ccae722

SHA256
9295e3276a8e113211c94864ea2cdb0baeb4e5e1ec97231957af5773573fe852

SHA512
866842a68390c0388249d00577a4c08781cb3f355b1a4ff09dc7b5171527ef348efac61fd566b6051a69d26a8dd048fd2d7cbe15e1d44813994499299ea6432e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
79ffaf474aa49d3716a6ddfcb757c954

SHA1
825793fc528a754ea26ceb139ea6f25fbe110e37

SHA256
621bc64a0f7d780dd07293409d04ee9b6c75545fb727bafddc90ecdb8516114e

SHA512
29b24667f000d967c489dd8ae9bcc261cfa8797a4e9789f6be37341264e46321ff12a3313b526ead1a8f59c94a387cab8e086edb75eb71d486d0238e58fa0c42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
07691bf8cd659dddb515b00a46cae633

SHA1
5e19fae03119be0e1cae1837a3848ae8a0280f60

SHA256
7fb73a1e2bb0d569d34fb4cf556bbb40938676e6c89d941139ccc2b652733e7f

SHA512
abaf0eee1f5db2b1f64950302310c268a985ee998b04a07a6d356debcb1ae7f4a5e7722438eec4cb0ac921ad956e7a62b010185fcf6c56e62d1cda882caf3f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e00b5be65663b162e96d352fcb98bb49

SHA1
6c46f31b61367c66778c0f6ca3adbf31d75e9e05

SHA256
1a7d6c24bf41b3a8158b3762dc5dcab634c0d6ab7cfc8765c2baaca513412693

SHA512
fef3b2303bf4d430c586eba58a0f50a444001141e120e6d7923eae221530f31607b7344b4da82e85bcd6fd595235c4c2736b67812d25dfcadaa095d033d366a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
2bcb66f76b01381c2e41f9f80570264c

SHA1
124ac4e642e97892abf05dedff3fb668b8b25520

SHA256
c0c3ebd58728f5ad6cd48e772add1830f443a3c9ebf040d628a2bb4a83ffcfd6

SHA512
b73efc387afa2d6cd8c2266fde648097ccee80b777c83cc24fba546b61e1d58c2b03b15c30cc83aaa444e105ffe2430effabb87eff0ded70f5e9f3aec559849f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
0d25b7ce17bae80b4be94c1c862e7ca1

SHA1
976be783f9ebd0c99cad12ab199124b0b3a7d527

SHA256
11060b0cec5c8b6e7cd03980b40046c7b13d86dacf3fde23ff79993e6ad5a569

SHA512
aab2be7f717a6e0d937f8feff57da4631c0e0aaa388e624e841bac19b944cec1d5ff400ad3ceffe4b0d0740f5f827e49b9651410d8a2cf45a12f2c48e4889f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
76094378aa3b40091c4ac1cf44804024

SHA1
bedc05bb2f26c0284efc936d47bfa313f9afaa8e

SHA256
9b41804738c574a417361d9659cad61ddb7a2bbe892e5febec393a135d2705f0

SHA512
7cf72b9d4dd88e4ee8258951d366d1323da075f4f16c1b9a864adb3bc03fed3878bc9c42761f998e585a96bf69078588543a76e58bea31cf1acfc7e6f3388e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
5889ed8438bd9d3c4318ce436851f09f

SHA1
d6a35a7f1b151c87ba371230c2aed3cbf3081a52

SHA256
48d0da1d7f2a86d98b285f5a0a34c1ab87b8e318840b852849c70c5028184214

SHA512
5b4a2d951adff2156d9d8e0ee2b87cf30f86553ed12f37e9addf626b82c4ca78cc4f94524231608bc9b8a21e1b4782ca817e10b9316d2cfc917c63e6af7b3aee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
fe843d60e4f4c60b967c446fe25b7329

SHA1
95d18caba141c4c55084da05bead5d5d018c2603

SHA256
7805046e7dff70ed0c04976d868959275fc77750a8d273a582ea0a224d868b78

SHA512
48582d7f77918fe60209c8fe8e399ac52ef3c2cd0f86baf520515d914b58e4e0a020dc4e1415e3e13bc98c151f6021aa52aee1890d34feaef7a9a769c689830b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5804fc.TMP

Filesize
98KB

MD5
43581f2f4e507d295674cc5aa728aea1

SHA1
27a22bcc2a02c4eba09c51e665b1db2dd5b74b93

SHA256
cdec2c37b2432860099395893636142810eed95ace4f76af8199d0f6ba8b2a77

SHA512
4e41a7edea3bafd09f93ad200b5284ddb298d34f121587f38546920598a6a631d8ec732b07ba1821f02b07c13013f0711fb580e5d81b1a3084dd26fe1098dcc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit