e9f772527567422dcaa97991e1dc5971417dfbb1cca38c9f4c7eb8e3f40ea4ed

Analysis

max time kernel
126s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/08/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iw3sp.exe
Size

2.9MB
MD5

03964744f047ba2fc71f23faa898da82
SHA1

8ea173dfd99d0aad94f2501ad9de03acdf4df6b8
SHA256

e9f772527567422dcaa97991e1dc5971417dfbb1cca38c9f4c7eb8e3f40ea4ed
SHA512

00baacaafec24c0f342bdd3b37e49156058205017570d0a4721b4349e6c73258eef020eb6288fdb0c3c20a6e6ad8430027303bddc86509e15d32cd7a3b826ad0
SSDEEP

49152:cZlg1qL8tyarC/bVfMMMpAvbXN1lsNDMlF6U4z95nq+MsEkPtp5TOyBKoWPhN2Ck:cZlg1qL8tyKC/bVfMMMpAvbXN12DMlox

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iw3sp.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684834263952049"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe
Token: SeShutdownPrivilege	1428	chrome.exe
Token: SeCreatePagefilePrivilege	1428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe
1428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3364	1428	chrome.exe	84
PID 1428 wrote to memory of 3364	1428	chrome.exe	84
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4172	1428	chrome.exe	85
PID 1428 wrote to memory of 4936	1428	chrome.exe	86
PID 1428 wrote to memory of 4936	1428	chrome.exe	86
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87
PID 1428 wrote to memory of 4752	1428	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\iw3sp.exe
"C:\Users\Admin\AppData\Local\Temp\iw3sp.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff7f3cc40,0x7ffff7f3cc4c,0x7ffff7f3cc58
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1748,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4440,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3536,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4304,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4720,i,7908352385711352938,12745371501232814612,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4188

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4536

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
47a592be29ccb82800428af2d7d2d44a

SHA1
df41621c855dffcdc2a37e3d373453cb1a36258e

SHA256
a2bca2967b1ca6de2641ae3b4e64ccd28876f2555f5067a837da920a2d5ac0b6

SHA512
b0c9e26fb1c37cc2dbc89e8dd2c4bb05312cf8376b22b906dc2ed3fa0e7f704b3fc545e9c932ee5c60198e59d0932a0627a3a3d71444f1685103c661934f41d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
cd3dcc15f266ce38e7c4436d0fbf0d3d

SHA1
fad5ecd59f77e115bbf27f0af6e629e0978026f2

SHA256
b9cc687d706d7c97eaca85ccf758c15c7c7d1c86132acc94c3219050637d81de

SHA512
3df80f7cfb2fdd6d1ecc45832e463f8000178229bc68995854c1fde0032b7f130d9b13d8f78d9592322776134a693609741da4b80ef2b0d159baef4aa8ad061b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cde391ba15ad66fd3b98a5a052d0179c

SHA1
af9ad3593e3eaff1b39299dfdd6b8ca5a3f93248

SHA256
acba19ce164a8fba51ae8775f5da511fa689bfbd92b2bf3c81f72c8f4d57c26a

SHA512
b8f402928c6b82c4bcba8e3b4f50a4a14f123a5486b32d269b951c85a7ad6356cf40a95e0fc10fc841800abb4a2706a51ec9889ebd300e16f3853e7b53af3272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ce6bc7be81a6d409ed7c0c7fdb70fd32

SHA1
0c25f7ef01067fb50a46b78ab8320d3231d05432

SHA256
7acfd1466dc878a0ef0333f5febc26db9b699f543907de1e4e16a08d58a5819b

SHA512
7f93f52b0cfbe2a3e1bdaa82104d303b52a16ae4182971840575ba3731449586ad0ea48b63d779d8015b549fcaf542825a6d710f313b346e475788c9689da06c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
691205a05f2726519d28123a3ff4730e

SHA1
e7cd24a1a0301c244fbcbe59e12021ae57d73927

SHA256
3666da8b22727f8f42d364e5f595f146d384177521bd4f6ed35358eb49427a6f

SHA512
90b112d61f7b431c004eab69a1b215d5a0c220d2d93c4ae69d2b5ab425cafd2c95fe3b547753b1cd273dc193bb68cb3cbf4d6ae2f0a0102eeb6784c4c249de48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
812ed2e209198e37c7ceda7c865789c5

SHA1
5aabf0d94892d02e76d77de615abdca1d7b45d9d

SHA256
92d7439d15f4741917bb791f80c89afdf465387f50da98c5274d29ef1535b03e

SHA512
a5c41b15ac0b98284952e5c371bc43eabfe331ffd4e60b1731b71836d946c75695b35448b431c7cc8e904fd3d9fa01b26c4e0b2a6bfa967b502c6738d5fcf992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a05518269f1684afe7db85f91ce15e2

SHA1
7e23894368a2a8d11403351cd246b439765d7e4b

SHA256
2b521c8cbf28f0646216401b8f13c335aabc896b24ad3585bf3830894dffa1b1

SHA512
e19fb80b5de42aba1b57fe3f95b752a41a9dcea8122c91656454badcc329c219af4fe1135462a99aa869b3b9f6b57addec76e6ffc1c598b3947b3361ef2114af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55a4dfac79b1b0e718168110b31ec485

SHA1
dfd5297d6e5f0b75ba4ba0f4a60988fd0f7b8ed3

SHA256
0f30bbb192ec3ec56553e9d613b9fa1052d970ec5a78bd7dd9764a4d3bfb21ef

SHA512
0130f1a784873c318076693df14c2d0b537275f34c074b9413fb0722c8772cfffed286484b194c24bf221b2c64c32451e9998f589990975a6e8dce98c7705f2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87a0aed3760a6a1aaf6c58675efc8e88

SHA1
eae9d7eec4564d1240faae62ad2b0eb0c3fa3e39

SHA256
6a0b70a8beb43d46abf9cca438bcc96d48b907b76aa579284f345a10c412f479

SHA512
023b4291d54284ffb4aa95a8eacc42f66ae4b5254a6794bec14e70a9b3d4de959e92b5c5ccb50a899eafb9e017d78d342ffdf3d0a3a65b64a7e4fdfaf21c2711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d20987a11eb36205e1742ad6a704f081

SHA1
65e087245ee2eab567bf4e30c7eff74477abc2db

SHA256
d0e20ed69b747815f4ffec555f29f8b079d09f1796c3a4dd8dc9d53305dccd0e

SHA512
b0fee1625120a6b025f9f2f0c07487847081ffa3939d996a8ad0a941c3ae18b30689cf7c78847b70532ee104cb589cffe7064476b771a4adb6d4557ca7ae5fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1a2ada89367fbb6a57c9b86b29ce0d4

SHA1
3bafcf905da02623a5cda8ffac416e3b941dc8dc

SHA256
1ecf3a1b5c1c95de1f28519126958992d69b4fc4468686a540a995efa5779bce

SHA512
a6fd4d5c1bfdde5e8944f4fae59e8c3131bc0411e412addf2f8d4d0728d53b3020d2e739fcda2dd536b05f5e8063715630147b8cd5065902ccc9d2cc160ebc7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1c7c50ad1dfe5bc6b4688733db920396

SHA1
410e763159d1f0adacf71aa439c0042f2b940993

SHA256
f4ad9f671b15d72878ef1872c88ca97c202c251c89e527b1d48b77724d2b5754

SHA512
ff391b009867b97213559de25b267d21640eab5c3cde3663df2d4aa144355f9054df3ffa8a98651333713ca2d87bd526d8ba6ad2d1c973bcd197659bf81805f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
952393461f72ebb0ef55ff89cb2a713b

SHA1
7c4668a476e1cc9c50d3822b6dd0aa30e7bce2c1

SHA256
297f1ea69fe7edc3a49080f92f6f52de053fbb0ece54f23d6df967e101458b99

SHA512
aff075ff3712a61d1d915b566b1b33c7470f9163a386485d5c76964a0aad0c9106d505d85d12c1df5d69cec41431c6fcedf12288f3821d80f14873ec785e22bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe596066.TMP

Filesize
140B

MD5
41c11047e9dc70b42183d62f711ba2bf

SHA1
e4040bfc835aaad1993fa366e6b33f83fa90c0bc

SHA256
584f6966a653e8165c515113444a18284dbb8353a936ad73a2d3201b3f1ad7be

SHA512
38a7fbc989c6c2510cda87c7bdd12b55787b58ba5976d64f5f24a951366c598ef1b004452a0dd0161fd5e1164c4e21c8603615ecd6318cd692c8f0a86c75998e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
17b62750184c0d4d2f7efb8fe7435ba9

SHA1
69af826585fa771e0bc8a476e59430505f754cc0

SHA256
a0450fa226bdd5ab105f502c5a295a09862a83dd2aadf69dc3df0c5035067f8e

SHA512
51e2f9489611afb0fc2e979b602ba5b63ca81d0828414bbf8e522cd4d6f2ce215c1b183405854144168d9487e54c00d3f846f8a1aac8395fdee3736213f873fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
667eddf267f494e972c01a7fa4c55c5c

SHA1
c124dd0116379ed84a9ca1e4f3a065e2ca560caf

SHA256
98cb297ce707ffa995bf026a4751745784a02f134246b7ad9c3eb981f6ce3336

SHA512
7211b6a21997bed0044357165c6f89020f85795c66d1ee9fc984ee1179a4ae997bd20f6347cb9ed1dbd606c672a025773409daa97fda27f597ac8510d71563df

Download Submit