hxxps://twitter[.]com/CICConstruction

Analysis

max time kernel
299s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://twitter.com/CICConstruction

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674519014031403"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
640	chrome.exe
640	chrome.exe
640	chrome.exe
640	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 1220	2768	chrome.exe	83
PID 2768 wrote to memory of 1220	2768	chrome.exe	83
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 3588	2768	chrome.exe	85
PID 2768 wrote to memory of 4964	2768	chrome.exe	86
PID 2768 wrote to memory of 4964	2768	chrome.exe	86
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87
PID 2768 wrote to memory of 1200	2768	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://twitter.com/CICConstruction
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f8b8cc40,0x7ff8f8b8cc4c,0x7ff8f8b8cc58
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4608,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3332,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4436,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4000,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5140,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5168,i,792280005953896211,16470066315312510481,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:640

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2ae03a2bc881bd383d10b15045631269

SHA1
632e4ef106a4eb417c3e70ce4ca5be0ae98d8ca4

SHA256
2529cff12c3f0af2bbded52433b3db0300e5ec0feabaea8ecf51d362ba0ac206

SHA512
8fcfb22663fa00f75b39e243d70186ade0617fd55bb223f991da2ae29fcbe29b041964c9ea6c80f8742a9be3dd075bd118399bc523c56973f0d63f08df19e24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
930577ea93236fa86d999dd0ef474cb6

SHA1
682098625e86c700995ac723617b379ba1e0bdfb

SHA256
d7395c0091751c00e894aa2913dc9ca0548accde00daed813d37eb48cecbdeb9

SHA512
a38834bdf32951d4a19a38efd2f20373176f1798b44d227d0d9ee2f00ad6c2be09005b0bbfc67f77f72a3418cbbc8770b109114944321ae8eb3b548d9e0f3197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4405cd0a868c4e132b06da94a48faa67

SHA1
25357c661609271327cf42d9602b42c59249e248

SHA256
47dc4e5551e9e360149053eccf9f681ab1c45928ac49e30c5f2d5762bd10062c

SHA512
eb4cda2c351bef007935b78980e98d141089db51aa49f3c63a12d64b39fd10bdd38c7e3067a9b217e57e35bff9afa7085708503700011b1f77bc7f177adbd4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a4dd47fdf9bf9aba8c4e5fa76e2f920

SHA1
235b757e0b148ed004ead1d06c9f9406793be147

SHA256
f27b6b86a15de1ee4cd1670bbf28fe58401b1249610df0a2f7cbce1b5d7f9a89

SHA512
51ce0cb67ac4992573fa098daa9ac49672e3f1871e2d54609c80466e110b18546631a474c7f54785af0db98cb30dd26c645511ef367672136e637ec4db9f6be2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b751521947601871c6cc8e5da2ccbab4

SHA1
c1d8108b2353f546e769ada5318b3553b30351b2

SHA256
ae81a97d01f8b47aaf1f60604daf9c2152b13c4565089ab7d141caf987e2dec7

SHA512
1da094db06bd59e5d25b3d7ff53538fd171f363a2072c58853775d096ef82fbd104ff3ab8276793d936fc18729abd261586f273f313adc312f169bdc90efb30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
105dfc823848d5e94ce168c34424525d

SHA1
d8a32568b7b4b9f88bcf7257a583eefc11dae0fc

SHA256
84b2974561d509223b3a32b774dcf1b2cc4e864c6eb3bcbe78729ccdfb404b43

SHA512
c0be4e3a9ef46a23b7ddd01f7d00de008abb9cd38e48dd874e339905069c04d9ddf8835916d5236e0e34695185b8071771bc785878414f4b11d72c964cb716e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8c062aafb4a065f829e0f99a999c58f

SHA1
4949e8d24693460f8af9b4024e9888af44fedbb9

SHA256
75394142ede6580b8dabbc3716c2ec762a8f01404eb5a651d2322f3fef3f1519

SHA512
4a84dd1c84d26134c2f733c43e967a54ef592efc54a88b2389e9c3a92c4e434bdcc1042d234b16000b596c31e551f72bed2bef515d32683e2f93aee3647bafd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f257db76b5778c21418b83aae7960fe3

SHA1
47a43dc99bb8415440aaa3d038be0cea56e17243

SHA256
83d1da5d855b8778f3fd925a794bdab9c005f1c3852ab890dc898390c3ee868c

SHA512
35f5ad4a53e7176ec177aaabe54e49b90cb0cb91c8e6a12cbb4d56996588d436702107568af1a7a2019ec28ddf135d576807b79836162d5bd59cf22467f7a5f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3feedab4cd88d4b8cff5e291df54fadb

SHA1
fe02abf6da97b092735688249c4459e0e38e1373

SHA256
c79500445939d4cec431740d6a85f65eb13e4c06c5b88dfdb595c6167dce72f5

SHA512
78c01197e9feb87a560a109a3445847b0c5812018b38feb19316c3a758da945544cb8955da69122509782d64cc8995e5a300c8bb7cf2c0a9ea01ee9b1cb94709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8398eddb51fb82cb3d402882eea260f3

SHA1
cc2f4a9c52173d9d1510f8a4ef8d2304cca12fb1

SHA256
d785986ffe0f16e199623a4227709fe8c1af7269a5f8efee1d7f06ba29f04b52

SHA512
f98411e09cecc929aa5eee72a897f7156e9b3b60f2701be5f45abc8e5fa7bcf8f01d1987c3a858fbdd4a0514c583e99f7d021e0ad4db0cc26df2f52a12fa250a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fd246d939cb1c23d32d9c254fa61985

SHA1
02b51ce36d154accba63d665be8fa67ae879f95b

SHA256
7b1cc69d5a37e10643efedd0502d9b4fc4984ade83356da6cc80353259989581

SHA512
61b00377e3cc4f2ec53c22af28c78f0399229464bf402e4559846b063fc546df95b6f574dad0dcc15c316fd08bf58b498a10930be8d7722b8c1056d13b0e9721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5700e3a54737e1a4a67b9692c05ddf82

SHA1
09bf7ed7b3d779c30af05609f1dce7f4985872c4

SHA256
21723ff01b2a58f3331649164dc230751b8ba920f0abc01129876d2e4fbaa357

SHA512
99b0778f35f54fdd796c814867cb78af6cecb6cfafc6fc96d68d1ba7c543f0d378de00f83ef96f72f5e7c461a44e5761f2840655bccf93bfcc5df9ce24d8141a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eb46f9546751b466de9bdad3ac224601

SHA1
9f008ceb0d40aebd012c369c17944454565ecfdd

SHA256
d54f01e9447384d03f5c7e0642e0e657826dd3bd0c031f25d03ab2d418d09f24

SHA512
b1534a49cae0cce351426dff6984f4f91b07b4ac6627944f2130681a6675103f57ff44311d08c7d8f738aabce323bf9f000d73ae6e4ccc61b87dd6241e83dc5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f09cc8e5e2e3d043974ef5c8b9226ed

SHA1
d7f3c3050e214368704185e686d28b0dd555fd4e

SHA256
b287b58324f3676d6b654bbaa3c7bdb894d0a29e94c3439ffe20562293423c85

SHA512
e397ff63e1ac54b516d2971c4933b48ac1bd759370da09751f7c337f4012ed16f39bd6e5345d44adc7924ad088b586c48e4c3ac29f48fb0e43830db26c839595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
835b77b1d22d5576af9ac6aacec7e574

SHA1
afee3e0f2ebfe34fd80bd18ec0dba102f63c478e

SHA256
c0a6888baaeef979de3a0c600dc01b942c4821e75ea75a2e79cc12fb1f6af261

SHA512
428bef5e63ec93f7dbd403a0d77e6733d6ba52534a7bfafb217554e4cac01171dad3bf34a1f9b3c8cb4224f854aca1f10513339ca4e42623831d03ca8067e991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cade2f65-c389-47b5-8283-474ceb4c6590.tmp

Filesize
10KB

MD5
b6664c1a0a883dca25b074735aaa84e1

SHA1
4ee377dc115d6b79fa1719772b0cad3b93ff41d0

SHA256
7bc3ece0b71a07e6d908f0d62216e6e93a499384370ca9a62c34549a62f08fe3

SHA512
161ffdfb43a7cf50e853554198002c08b374b5962fe16372eb6e0eab4052f45d3fa960b2b20ab1a0c5cd147000722e4ebc759c33ff2ab2ef2444af1b273f437c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0bce5a899a3fddb5890129bbe05fa045

SHA1
cb0a3e98d3ef0b639bd6fdbb01bf731cb6dcf3e8

SHA256
601e7fd1896af7f55ac91bc8fd80ba7d70ee2fce11588ce111b23556a8bbbbfa

SHA512
6cc18a06f394d60640bef131dd31d10768f31f4312d3e0e5a93e56e6b3fbdc443803328e748b925b0bd15efd90e501ee5aaf4b4bffafc9d054757073cb673111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
edca70f20d54565af5f879b65ad91d44

SHA1
556d09d809479e0ec795e0128fd190c169b2e66a

SHA256
becd1757d2b1c8c931d44e95959672b9cb52fd5421583a7ee8a17a965a4d2220

SHA512
bc944d140422ff86317613896f9307739142e8926aa1216083f47205b13387ed8644204248ae056b7559a6d0f5af513a1cf01aacd03d02ae06501c67f41dc6ca

Download Submit