hxxps://url[.]au[.]m[.]mimecastprotect[.]com/s/TIHXCANpK5U9xyNLcGJQyA?domain=ipfs[.]io

Analysis

max time kernel
149s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
24/06/2024, 00:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://url.au.m.mimecastprotect.com/s/TIHXCANpK5U9xyNLcGJQyA?domain=ipfs.io

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636623938803555"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 944	3684	chrome.exe	76
PID 3684 wrote to memory of 944	3684	chrome.exe	76
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3696	3684	chrome.exe	77
PID 3684 wrote to memory of 3676	3684	chrome.exe	78
PID 3684 wrote to memory of 3676	3684	chrome.exe	78
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79
PID 3684 wrote to memory of 3552	3684	chrome.exe	79

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://url.au.m.mimecastprotect.com/s/TIHXCANpK5U9xyNLcGJQyA?domain=ipfs.io
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9a5cab58,0x7ffd9a5cab68,0x7ffd9a5cab78
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:2
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2024 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4248 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 --field-trial-handle=1816,i,8907482402346307892,17330494921060040972,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
5cc9e84a56aaad1daaff2c2b678d8ef3

SHA1
26a04f8ec1261211ac784a74434b627fdba82231

SHA256
9beabd9930334268712271fc11f8a2329db2022e9cf3c1f2596e3c7d1973caa1

SHA512
3d6fed8bd91e337bf7529adb61b066d341ee973f4e1eafdcf75ea8b4f4642191b800f9fc7482b92dfcf6e11a96baa1b446015d6f6a9589892aadf8d8ac7f5972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2ccd64bc100de7af22840c1e5ac676d3

SHA1
33df731c56ee7936973271497451ae83b0fed72a

SHA256
15a31219c18a51e042b9c3cb8584d3b06b97209ff5ee5da752fd7de8ac64cc85

SHA512
dbe918826d255b40d5e8a10b166f852c58f9e028c4a16e0f7bc1e81d6858e896405ec485b20148c94b1b5db95ff40f837f81b7192c4e523c6fc9c46a364176ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
42f81333e23bf4d6e491e351e998bde1

SHA1
6d49ffa9620bee2d8104cfe033cec88f506c0d4a

SHA256
6aefa996c0c1fe719aba5a66f488a183536faaa05810ede16acee53f7117c1d9

SHA512
210cba18525272ccc4d8608f88c6d62d67dd42c748ed1686fe3ddd5e74ba97d73f61f5114b2cc4ae5902b6ac6ea41f59c16b106a1c665b605d2d3b221e7aee23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e11232e038e7c24a812f8d05092ee316

SHA1
8001d5913fa3b089b0ecc37c486cb6f4e18edaee

SHA256
208ba0f2431d29f47328877f621ca1ecdc0cfd3b2c7226de62b29cdd1cfd3229

SHA512
2035ead282c4c2bf2831e7e913e05fa26bef6a260b741e3dc784eccf15ce618227e6e99bb840a9498be538859d34900c6e8e56c0c10b714e0865f1845703314c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e2810a0143f27e4ce66be44d6c5e06b0

SHA1
202aebabcfaaad4ee8eb38ad958ac1b2ab32cbf6

SHA256
7ecaea6228c111002919a45c0ab0335c346a1707616cc2102a8e23f992407f51

SHA512
9e7af04cdbec19f729f50305ea73ec08de19082bf4930fed57ce7fd4b5dc6f95a31267125815fdffeb93e6d47ba5dfa41189e3c8134b4516f2557c8fc4c6c3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
6f64479b08bfcfa4345412ba1bef9882

SHA1
f5ee0eea9cb436a188403825b85af2aad229d451

SHA256
96942070652881f0ec0f3aa83eca625b3c960e0902295abaad8fbca90514f28e

SHA512
a9720cc00a8c460429425cefcba7e4fbb98baac46d0b54e23a83d44c0f8f6e8c994f356acae2eb2c9dddaa2e2af4f6f8fb25f78a8195e03e6a2d103e10aa194c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
c1641b0e03fd25b83aec04dfc11467a9

SHA1
8d7c23d51c5c32fdfb930d51b549547a078e8816

SHA256
7228ab915b4b0cb200947294f62b8401d1adbf6f1486549c8e04676ed04f8129

SHA512
6985f3c67447d00cc7538a73e8af919052ea2a353ad16bf6a914ada35c5fe9dbf4b8048f7280f1f731271699fa12d69fa99424dad7b57300d3f1d5dfea5e3940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a67a0ed1dffd5e22a8ff06faa654289a

SHA1
6bf220ccd67ba8264147d0867ea11e1b7c0995e0

SHA256
800c18631f54f57a7a9fc38e15718dbd8b1f992c22954c5f1b7fdd7e9d5c3be7

SHA512
0e767766583c5b1123d8baac46196726706cb8eb4bfdfe5a4dc2f26bde67d73ede5b2d09a5deefa3d4fca60195b338436bf78da3e69dc2f019e24c4eb9f2ead2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
18ab1d3b56d0a55d6125ddb2df47a7c6

SHA1
267f276f2f56487ed28f9f12dfd83e5d29314a0d

SHA256
84212537b131d95e1916a6d2cbda12c74c8c4244e2bf6df675b823780b4ed079

SHA512
f52b5d43e5f08536f8b53e8afbb5f03562671a0bed9ce83024af722a94d27e10fa9d9dfcad06ebe1e0f622f6750666c6fa48f124024fb44a3189b9498128a017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
7cc861c8c4770014517e3a8e7a086258

SHA1
467f0b73f77682cacde8d1380371120d347913ab

SHA256
fbe3221638dc952433a215899adfd9b57cb223de6134ca3d8d35f907f5ea35a2

SHA512
d325ec53f86248bf849dbf8ffdcde0f6a96ca2f1414f067c9d2b4f46a44bef8b2939bc59b89d21af6ef10a8e45c92caa137a4b76f90538604be71b8ec6d99ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
6db5860be00104547801d68b28af77b2

SHA1
9ce03e68d482ef63aa13b5ab83ca2441a5c40bc8

SHA256
f34aa063b44b3fe52e323d214d13c31ee55b46fe48a5777cf4a695db4c756210

SHA512
4745ab1804f0e1b6034508b89eae7c8813a2bb0f9fc604474c74bb8e4b20f678b37a5f5edf967f7538b71d21f85fb389335af5123271056e5a58cee4da5eaf89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
c785380564a09a9071fe73f74f3b8cae

SHA1
55f91d84b557bd69ad67caba6fd7e1e269183708

SHA256
694e4dd1defb215fc774e6c60985f47d5ccd415c394cff29a73c924484b92c4c

SHA512
8d367064f1811c11da2f3995d02ff2da281c0659f2279799f2e891ca37bebe68865a952a207c09464eb5f3007fe3eaa163e59d6701753564c18d3e2bb99a93e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
b8af32f126025cdabf235885c3895ec9

SHA1
7e5b04cc4df944f73653b217a05be89a9562b994

SHA256
bd1c534d0f39ecdf652f6c0a32807847ff31f6f7fa2f7c78e37b8100508d6ab1

SHA512
30b50d67a1cd138f396ecc370fe48dd25e77c8c3ce4fbd092607a5a2efc1915803ca4486a7155025f8ba2f807a77ea854156a686df2005f05cc3a66de2fadb0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ed1f.TMP

Filesize
83KB

MD5
12b8562c7a1342568468b0d184e58d01

SHA1
c868a2e90426f7cb46b1316ccf9a96c0ce2a3da5

SHA256
e9b1a07000faa1cf1ed7de90dc353ce159049718d4adaa3bdb95704133b2152f

SHA512
a48853a0726083587d237205c477ace942b17a9e6fa27fb2cc34f108e66204b703b85c86a5074d6fbbc9e561408ea85d97f256028d101b10d781f8eea09ae10e

Download Submit