hxxps://www[.]informdata[.]com/e3t/Ctc/OP+113/cK7fq04/VWQkFb5Mbwj7W1M0j978l71VVVNrtzX5fnY4vKqQH3qgyTW7lCdLW6lZ3pbW2HL9K45PwWGnW6mQjfn1K7n-YV3H13-6pmZMWW4HtxtG6yq2M5VBt4FM4mhjGfW2gcr2p5nyNhVVwgM3y7HjSJQV5wqCp77gtzmW5P5-pM7rvtPgW39QkZW61kD2hW5PT9Jn8YsR5JW1mMP_H5Gdn3TW1lQHzV4bHjYkW3gy2b_6F6RFJW7NWSdh5glJqzW2sptHl3-qtVPW7JBZlr6Hj2npW9cMjdV2MLBR7W228GFy5-7tb8W7hVdq33c4357W28LJMv9cc16cW43GTt84Ynp55W33xFbj28xRcpW17DlKW7CJ99Vf1p6-Xv04

Analysis

max time kernel
155s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.informdata.com/e3t/Ctc/OP+113/cK7fq04/VWQkFb5Mbwj7W1M0j978l71VVVNrtzX5fnY4vKqQH3qgyTW7lCdLW6lZ3pbW2HL9K45PwWGnW6mQjfn1K7n-YV3H13-6pmZMWW4HtxtG6yq2M5VBt4FM4mhjGfW2gcr2p5nyNhVVwgM3y7HjSJQV5wqCp77gtzmW5P5-pM7rvtPgW39QkZW61kD2hW5PT9Jn8YsR5JW1mMP_H5Gdn3TW1lQHzV4bHjYkW3gy2b_6F6RFJW7NWSdh5glJqzW2sptHl3-qtVPW7JBZlr6Hj2npW9cMjdV2MLBR7W228GFy5-7tb8W7hVdq33c4357W28LJMv9cc16cW43GTt84Ynp55W33xFbj28xRcpW17DlKW7CJ99Vf1p6-Xv04

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613949813889456"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
1304	chrome.exe
1304	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: 33	320	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	320	AUDIODG.EXE
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe
Token: SeShutdownPrivilege	2920	chrome.exe
Token: SeCreatePagefilePrivilege	2920	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe
2920	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 5076	2920	chrome.exe	92
PID 2920 wrote to memory of 5076	2920	chrome.exe	92
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2964	2920	chrome.exe	94
PID 2920 wrote to memory of 2872	2920	chrome.exe	95
PID 2920 wrote to memory of 2872	2920	chrome.exe	95
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96
PID 2920 wrote to memory of 1592	2920	chrome.exe	96

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.informdata.com/e3t/Ctc/OP+113/cK7fq04/VWQkFb5Mbwj7W1M0j978l71VVVNrtzX5fnY4vKqQH3qgyTW7lCdLW6lZ3pbW2HL9K45PwWGnW6mQjfn1K7n-YV3H13-6pmZMWW4HtxtG6yq2M5VBt4FM4mhjGfW2gcr2p5nyNhVVwgM3y7HjSJQV5wqCp77gtzmW5P5-pM7rvtPgW39QkZW61kD2hW5PT9Jn8YsR5JW1mMP_H5Gdn3TW1lQHzV4bHjYkW3gy2b_6F6RFJW7NWSdh5glJqzW2sptHl3-qtVPW7JBZlr6Hj2npW9cMjdV2MLBR7W228GFy5-7tb8W7hVdq33c4357W28LJMv9cc16cW43GTt84Ynp55W33xFbj28xRcpW17DlKW7CJ99Vf1p6-Xv04
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8b759758,0x7ffe8b759768,0x7ffe8b759778
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5044 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5052 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6172 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=2092,i,14121056583044829912,5955480302033922343,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4444

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528 0x454
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4032 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
82284751cf3246db52e136430bc41aa9

SHA1
bb46c3fa89799a2060fb95b9e486869c787898ec

SHA256
e506a35c6d861e11142e9ad18968b454fe513df13e12a546a752e23ff8804a31

SHA512
fd1b78534aca03d3fbd3ac0ba08ba8659e385c6060d45408c0a1110fdfb17e33d67abed59fa976050c8bdb39b761cc9704f5514cb8331e33424a06ded660086c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
746c66f9dd72976fe71e2832cb7e862b

SHA1
1699a0efce0516311ca8dfe73158fd8df2501bd1

SHA256
7ac89512ccaf0aebd923d428ee49108e642e44acf60483e8e2d2b79e5e553d05

SHA512
6c46336a29f94fd6ebf2600059500fac63155238d18c16bd40b325ae4213ab87d064950cfe5a8c1221a6dd0b80566472bc4a07303782972ad949de0a5e0a03dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ad69d6020092de62e1c27f543cc050d3

SHA1
b431ecbbfb6c42646b6b765c6d87140fa5ff80f4

SHA256
22a4ca62a3431bcb06c287236156901ff9fa8294ec6c9b2cbf832258a2a88a34

SHA512
577de63ecaa688ec1bc607e67b95d27cf3388a46e8ad3065341083ec80a7d0da6e5bb3e7969d558949d2b1f574f8edb3cc4e492e866ab1b483a8f2947498f5ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
328795ba77c689be75ae98bc7c64f566

SHA1
ef1d31cf5f958fe1565df9b44dd4b15301f9576d

SHA256
e0b7bc794d2867aaa4296a36327107df3f38f1ccc090c4a112a5b660b6a06354

SHA512
7f32ec83d3fc7cb93d654442d9567904ccf9fc4ebfe205a35ccad0be372791b817e7a07c8a53c30881617aff6d012d6a535b4a90f787610fdd95bb4eceef3538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a22f69be9f75e5b82cc58d75fe316b02

SHA1
4d8bcdffef3bd61d96898f4c3c248a866c7d2f9b

SHA256
700dde5aece6848e2d58f1396eac67b9629e1d2b1c90257a285626f67f8fe9ba

SHA512
944e9ee1fa83b7dc734064b557e4ce36897904c811db9cfd735eb83920f26d24577e3574ae6ba985fb28bbad5b0a06048391caff2a215584021792e57fac17ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
927f28f6858a21b1ddd7d72ebfcbe9f2

SHA1
ddda646336cc26c849ece2eb645823b5277a802a

SHA256
9d16d179c17cd1c61d702335695b47003194138204f65e284a47a55b4d16d4a0

SHA512
28b0888a82964378c431009d61294afb5e9dea8480f41a485044efdf1ebd1bbc1b7e446fb2393ed56027d595c28f079b8fe08148b3d1b62027a2bf12888ddd0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e76beb24e0a371147e3ac7ad76c879b2

SHA1
2e34d3edf48833e74a587c1a61ff48b34db27773

SHA256
ff635ce1043d6be01f324742bdb7faaa11e25980dbf6583330de8de6247d4a3f

SHA512
cd152cc1bf1b07d27a40878709c35de76f0dbe3c1453de6f450476677cc5261bc1b6b6745e16337e9e133a10d5777200d72f69066fdd2ffa4f2697ced0b973eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
47dd62f1fd185ce65859d4ac09985c24

SHA1
2ec97fe8dcf665f62879b61d59c861fb38de6f63

SHA256
bd0ed58c0d28808842751096fbdbdd8aad155547235a7fd283da1a6a614ceda4

SHA512
264eab3c878012df30faba65aba89f658c215b60f2a76ae05706c906c0d43108cb2a749e8f32f17f0ee78084c1cf4aaa7478a6d4ef49b08116e967b2beb0641a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c8ee1e71922e02eb376edbe804a392ad

SHA1
ebcfcbcb6f361a1115a9896d0624a26bbd23f7b6

SHA256
959a11aef8a147e89da0d18c3b8e0f1e1be21f0b89e0e83076755832eb5cdae7

SHA512
84518c078e5243f6a4ab55b98976583deb3bbb4f73d93253020ba36938431533849f28061af6431c9039af92c57eff302940c340a280d48a8238d0c1dc95705d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c02b3baf9786eea262cee7568156eb90

SHA1
f8346f5cea29c1a7c87ea09b258c07afa1148ee2

SHA256
c1c9f1d3f68fe74b935866a813d02f0447306374b3360c088b2350848a02ee09

SHA512
b7390917bc33cfd174be19c0c10c55ed5524a7d92d1d54055e2951f15dacce114e2ab2cf3ddfc5ed8dd911e118a21baf3014779210d8c420a5230897d7056698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
145546f25430ad727be256e17e2ad0ee

SHA1
b08659702ac83a5d282bea399575ac68343e8770

SHA256
67081ea2b7c0ec09ee96ab28015c91a37b2dab4473928ba457c9117683e1a607

SHA512
3fc3bcf26f1eebd2ff1e701b6205618db2ccb9782d1c140084815699d2e544ccd06b14b1569a64f361d9b3e89024e9d5ed64a3c405338ab1676515241311f37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
27619d7f389ef85edd96591b98cf02db

SHA1
c62900ed1455e43ff8b7c99367b64cd833da9c90

SHA256
432cc88c0e8b8627c55046a9c6809c1f8b15c7e6a200c3eeea2ea9b5f5f83538

SHA512
a707822d3f26d67d1348938790d580bef06ff7be0334711f9ee68078403baa215c7b0e5ed1df17cac1cc5e802494c45a64ab0d44db1f308e78515813a27f0666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit