hxxp://tlauncher[.]com

Analysis

max time kernel
37s
max time network
40s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/08/2024, 15:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://tlauncher.com

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676048655967535"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5048	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 1444	4916	chrome.exe	80
PID 4916 wrote to memory of 1444	4916	chrome.exe	80
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 4116	4916	chrome.exe	81
PID 4916 wrote to memory of 404	4916	chrome.exe	82
PID 4916 wrote to memory of 404	4916	chrome.exe	82
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83
PID 4916 wrote to memory of 3420	4916	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tlauncher.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff909d6cc40,0x7ff909d6cc4c,0x7ff909d6cc58
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2328 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3020,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3016 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3000,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4380,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3240,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3288,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3332,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5152,i,12933837579896926410,14396067775409619047,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3924

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4380

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a28855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
29804db68f70c65c9329c497e305ecf4

SHA1
a078a45a3ae838ba2ff2cd9cfbfd28554d63aeee

SHA256
c81330a7a2d0e6b5baa00b2a4fc93ca027015db6be29dc053a41ddd1414c4cca

SHA512
1a4dea41c63f8aad120defc62ba54246f650bd439f4d0ca767f8b0d814035279e740b16a0213d2f30dd5a71691de9cc4f0303552f37a15b8198e25578687ff81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a82bc1c0ca8ba60a8261f61aeca19ad7

SHA1
1455f8583020f7b434dd545e68624966e5ebbcde

SHA256
d1a0d20986a761bb5fd549489cf6ca8277003b908a686b1047b2bba4dc1e48cf

SHA512
421b7039460ac1a7b5223d518b6d4c16d44159bacf0ad873b1db5f55032f7cdc155b9d1c4d5030783d28af327ba950a0f3c88eeb73a309bb9b74be352b9d3c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
208681ffb232713754e9c8d40ac41173

SHA1
880254cd41e87526bf056e0ab93d82312e19ac65

SHA256
ed6f65f4668d683edcb8bfb3a147c4b6dcc2c5921a2ba7ef7a5a2b4e097dc367

SHA512
63e55b6f5d8f43fff40f1e886d466dce7f5d1a47969074cc941fe329953528608c9933c76f7aa2988829b4f3e8286e3abe5bca4dc4dd9fa62a80189402fc857d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbfcddad2f092f147d1858804a639fa5

SHA1
bc2b6c03d080d3972fb5045c7ef966a146b9129f

SHA256
b49bf6d2f2dfa8c1b7aef7678ba40a81bdb04dcc870aa04b5f003e62b26fdaeb

SHA512
dbabec00484de97319f7c1ab7082ca445e40ec9a2ef93b8adc184baa2786bd501a8e2cce5abdc3821185c890795b76cd5b52a25c48cca7aaab878b10ac3b5686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f545409c-60b5-4fd8-b20b-3122ea46b6d2.tmp

Filesize
8KB

MD5
aeef57ae8159163a1f3828dea8973438

SHA1
7bf61965e0e3fe483e55aae420b59dc027cef4a1

SHA256
049ebe416eb6ab80dee63d4c633a6bcda8cd61e9821fab519aed0bb79782ff3a

SHA512
55f244ebbddc9659f64300d3964085398dd409670b320f5932a2608cfbff5bddbeabac81730758c3d41d0b98ad2ce077f5f4e4399ac2740e2e906a3f452c79e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
b846fce0a83af58d058191eda4057705

SHA1
2a123ae3f06a6931e550defa3d1fd336bce33449

SHA256
7ba0d88d80a91ead1b5392d6d70b6a728504337861848959b299c51f9dead5a1

SHA512
12004d6f56abfa3b9b50282dcaa0aea56158586584f5fc601d051e6b18c32230907b4df06895468ddc91468c839c33e709f471171f912be4ff9ac47528a62767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e58f06036506b6cd21b8510b4112a440

SHA1
6788d47de8d9743c2f09405720cc3cfc58cecdb0

SHA256
9534bea01c41114dd1935cd09e3c612674c42ba055ce1ca1e640fed137577ec9

SHA512
5870a546b165fe02b8e7013efb67f344670536c7b8371e780a3cbe5812f05f52af2a42cfaf9560ee895e728fdd940469f049a400ef21e8a26de07737f267dbaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit