hxxps://gvtnmyd[.]icu/au/mygov/ATO

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 23:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://gvtnmyd.icu/au/mygov/ATO

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133654719302527633"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe
2212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe
Token: SeShutdownPrivilege	3684	chrome.exe
Token: SeCreatePagefilePrivilege	3684	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe
3684	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 4956	3684	chrome.exe	83
PID 3684 wrote to memory of 4956	3684	chrome.exe	83
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 3944	3684	chrome.exe	85
PID 3684 wrote to memory of 800	3684	chrome.exe	86
PID 3684 wrote to memory of 800	3684	chrome.exe	86
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87
PID 3684 wrote to memory of 3224	3684	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gvtnmyd.icu/au/mygov/ATO
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaaf37cc40,0x7ffaaf37cc4c,0x7ffaaf37cc58
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4808,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1608 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5108,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4956,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3140,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5056,i,6389580268843211415,5283279896410030979,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2212

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\43f12750-fcb9-4d65-a450-990add43fb6d.tmp

Filesize
8KB

MD5
34d47908127d9bef950369a361207cf9

SHA1
70c6b470758506d5cc7b2ba2f6d920fba3027466

SHA256
ddae1ae26eb5b7398ed28124c827e6371732ccaa2b57724897d39021c7dbc32a

SHA512
070635bdf83bcacdae8827396db5b1301df5a9a04eb018fceac52501bae78e46ab36f5b92f6305d9808c2828ad80e656ae0d999bf5fc7d91056a9b25b7ce3fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
af889275f7504c5dd327386c06dd9341

SHA1
373cb8dbb47c7bde2beb9ef765b757fb8ac0a0bf

SHA256
cd4a7522b8884ebb1e411ae6bf3220050057f58c7b8d5439be0bec0043476514

SHA512
448525067338cce8aea4e7f9ca1a94ccd98f08ac71134150070d2583e454b9bf952476cff27f31ea059a2577f82ab6229dbeebed852fd35d62f9027e93bdce15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
3f831e4783bec699c2729db642a1a82e

SHA1
cc3b165083d93db20278d14689d44164bdde22b4

SHA256
4036fcaf009094cd8f7b9c47a13b8499ff45eda790c16f7ccdce0151866a05a8

SHA512
6115a6f4fdb6c7ebd42bbedbe03c77d97d7adb4eca4e614cbe57a67a78f1b8a273534ccd26ac2b830a6cfd7fc21d2c284dfc5e833eb08252baea37fa105ff3d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
cbf61185c1423b808b7cb65e4de3e8ff

SHA1
dac1e3e5cb6e0a0506627a0cddd2f963e2755eff

SHA256
80eda957c85571324fb6b266e9aaaea5e28de411cba71c693edccf8167d9f8b0

SHA512
a1fd97bf5702cfe02045a1590c5ce5ff2383d5171b424984e34a3cb5aade3b05d62e792fef39a8c2b70a08805d8b9765bae935e0b6dd40e78497c639d8f39858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a4730b781058a81dcf05a502ab2fd499

SHA1
4eec1bb92bdaf7494c2bc8522a047763df251d13

SHA256
4df106d5a45bdd8815b1259f2bcda88376d91f18c9809cb55988ed95570f71ea

SHA512
b563fd24304146283a1e45f9cc5d9683dbb6fd081a65d84e61a107bb7533ef2969f88f560e07e638403b4312142499d4b85139c293f8bbea9f85d48be91bfdd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
dd9a96a5cefb67ccdfad3833828de4e6

SHA1
8df2d8462cf098ce53c281cdc30ebdb52ca7062f

SHA256
cd63aadf06bf4f5642821216cb6173a9d076c35d6144dcfd78b45210c4231f5e

SHA512
4868f9f8da87bd01b75c264a749b7a9886b88229560a04d6f899238b8d4e32af1fb7762b27acafa54d32f5efb0797fffdb7b05aabb94700ba19dcc5de85f6c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
bf8790a84b4b1a38940c6cbbe23598df

SHA1
aa2751044b1463c3dcade77e886d03c42ad25a1d

SHA256
2dd51ed8d06bbcb27e0e985ae37bd9047afeac7daea3784a9a28b4f403245a20

SHA512
d2b0bc2b6dccb63cb3bbcca15805dd8bfbd430b96e3fcfdb2d5656d69ac142ad14b2518888cbc1520c371be3a62583b426651afdb5a8be4a4c9ce50d50170ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e4307e85-50b8-44bc-8745-2350e0e99352.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c86cafd7db2323f8d72b4d24ee3aaea

SHA1
bbb40ae41bae860415cad8e02ab023b84de84b1b

SHA256
86642a3d77de1cdcdb306d45a9e83da1882e59a61ad0913cb14de8d03d7ff928

SHA512
81bd6b3bbb3e4ee6ef812a43394f2a4019556d9a0fc69804cb1dd6295c5f8f8405d7f923a9940089f7b4d7375f63aadb6c861f3b96d2ed415dfaeffc5253abef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b40a9797fce849c5ed4f754d25cff08f

SHA1
7b68125d585e6179e745699e6acc3b62cc6ae110

SHA256
963c5bfb1be2969ebc17bf31dee030d169f2681b81a79b31e1e7a747411c8b51

SHA512
9949b3d9d283a73ee2a96a7721bbd9b9ed87900c925bd2555c81a570c8e3b1b30637d1a9877b7a8565ae8206b119e60c8fdf20be8aa107cc73827a744df9393d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f79a226d8427dcf01dac2f36f5239c60

SHA1
2831ac9ee7878248b2cabc2bc773c503ff5ac5dc

SHA256
5582cd9990ed256b1bed75983e5eaf55276ce8714a7ceb2102b2621d56ce2bb7

SHA512
6d1cd89200ee9fa8d2d8a537e9a0ddb69d8817f1e14302d152fecc491a59d3aaa550d49c54c78e90820e2805aac833c606ee094afd5c6591c907d27834cc15ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c419cbc0c867215006cb4a35307cdf7f

SHA1
3e34017bd27119cf84121e9839444a0b2616c8f1

SHA256
0e4c9adec3f73a015b0b3f467d0fc0058d5ac2336c6afec03c85d84500adf177

SHA512
72d9894593f11fc7baab7f3f088ace7540e5cf024636b8f92efd9881858ebb99c5964707a6fe2beb0f9631340c28119996d38ccd1ba2f484192d9591dd40655b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
296ea77dd102c083ecb41d64d49edbbf

SHA1
1c526624ce1a00b3182598c548c21e393a39f38b

SHA256
a0aeb1581e3cd5a50ef49814086015d18c3a4b144e7cab4b514e31de9335cb3f

SHA512
38bedd2c513f85af42b44f9368b9988a614c01cc24548a9d345de9ada98db3cf681d49e811a8a5bdef0e847a284658374c7af15a47f19c0710c92436e7df669b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d036e5664bfd1a740550200aefa044ca

SHA1
d8c154d74a1b641372d4e112ca738e58da4d5620

SHA256
aba33feff428ec435645c5018637dcade68cdbff6ab9aa7ffbeca655c3966f6d

SHA512
2fe6c4ea84cb44e240a15af2e2894322caa7430869657d3f87e3264f6b5fe820d90781fa6b382438050a8ea3e0f2af06b1aa2b6f709766677ba269ac5d286d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0136ae3edbc1568b14476c17e5794dea

SHA1
df853203ea2a6c085b0777a85d9f6de8d12862e1

SHA256
989eb86e5d5013497475a3d8bcb290ca9aa157e16f95d9104a361fd5db2ddd99

SHA512
8b47ae7216e54891583cabd8df53ffb733245cc49430ca8f15233b9f00ffeb83b244ab67780e019a316f746c48607db91ba8797b1878106440e4b289b7d80003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be04eef0feccc5ec7c11c6d4a8b4dbf1

SHA1
29c03242263c77d9c58e3dc0e94a42cea3d4b854

SHA256
586e58347bb7d0f10b491291abc45792e9fde709f5d2669acd4a05f6ea217596

SHA512
d8740df4f2c2aad2e2181ef9342667fb052dc5b1d4f9aec096c4dad42b8113c54fceb8e5e02de6a4be018b94a349c1edb25b73531cbfc8f9ad7da87ee66675a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8f3c0578055bf8bf6452a26570b9fed

SHA1
fec9ddf7a24cfb5276a257955d64ed5c871452c9

SHA256
944c5043c4476ee151b085d47d48864c5d6206d9855bbd8704e971b16df8c19c

SHA512
bd22538ddb3d3d36c9e1737593d3e1aced466190336a4c7396f28c8941b5ab0f8a7bcd388c007b20b69ef600cc1f755b6ac472d911426fcff9745e90648ba340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a2050064-10d6-43fb-aac8-b5c487ca4dd8.tmp

Filesize
9KB

MD5
ee04eb714b97b452ca3cfe8d7d4bbcd7

SHA1
9554dbc2beceb99353b1dd8b8d51305fd3678ba3

SHA256
63540d562250131f79a98536f6a97826f0e901b61278daa4bb4a31645d939ae6

SHA512
1af846748c5c2104394bedc2b564d6baeb5964d3cc39b50f2897c47a61d55716444f62c8901767875340baf9be8f9ec8609f966547ea8fb0db7eaa777b1ba1a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
6d30e065456804fcc7c0573f0a9eb953

SHA1
6194fdefca693dc6f1eccb10fb2233475ec8834c

SHA256
bf2c83cda6cfc53bf700a9cb7c2b24e3a648f7eb778105a619cb6714d14b91e5

SHA512
24f1bb2fba6f8dc5458a14670d1e99611e7775dca60f3aa99a483e08afbc81451504505f7b4b3ba55cb0ba097f95b90db812da2bd7999155a29cd8805fb7307f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
1e607d53bf2c6b1238c4341c076d974e

SHA1
c834d6a937f2fa6a91453db052c1864bb6fae473

SHA256
6eec1585e05ef3735af576c732a8b62876a92891e07aed0ac26f94a11b9c9e04

SHA512
79cd7772ae82f9d17ca29e51347d84a4f12baa0d802e56bfd0c41c73fa9935338392c789da037fc0c5e8e010ddec7817be447cc1df113218b74f4f6889a8b56a

Download Submit