hxxps://covid19[.]protected-forms[.]com/XSms0QWpheUJ4djdjK0YyZmh0Z3BhYlEyMG5BL3Y2QWZBS3p4ZTk5YmpqbE9TZ1ZFQ1lQN0NuYXk0bGxJaG5DY0plWmhjaWtYR3IwWDFpd2tSWjA0N3lGcFVHeFhrUjJibzFhR3lkK2lpVkgxMmEwcGUwRVRvZFFsYjhzeElnM2txMkVVbiszenUyZWZYNEVyS0Z1bEVSZkppNWNjZmQvUWszcHpCbVRYUDNFc2Y0T2lwRVpaMWRyay0tYVZKOE9sbUdZdnRpYmpUMS0tTmNVTy9SZUFZU0QvcjMzUzlEdHdBQT09?cid=2165611014

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/09/2024, 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://covid19.protected-forms.com/XSms0QWpheUJ4djdjK0YyZmh0Z3BhYlEyMG5BL3Y2QWZBS3p4ZTk5YmpqbE9TZ1ZFQ1lQN0NuYXk0bGxJaG5DY0plWmhjaWtYR3IwWDFpd2tSWjA0N3lGcFVHeFhrUjJibzFhR3lkK2lpVkgxMmEwcGUwRVRvZFFsYjhzeElnM2txMkVVbiszenUyZWZYNEVyS0Z1bEVSZkppNWNjZmQvUWszcHpCbVRYUDNFc2Y0T2lwRVpaMWRyay0tYVZKOE9sbUdZdnRpYmpUMS0tTmNVTy9SZUFZU0QvcjMzUzlEdHdBQT09?cid=2165611014

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699357759296152"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe
Token: SeShutdownPrivilege	3540	chrome.exe
Token: SeCreatePagefilePrivilege	3540	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe
3540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 1428	3540	chrome.exe	80
PID 3540 wrote to memory of 1428	3540	chrome.exe	80
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 6124	3540	chrome.exe	81
PID 3540 wrote to memory of 5420	3540	chrome.exe	82
PID 3540 wrote to memory of 5420	3540	chrome.exe	82
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83
PID 3540 wrote to memory of 3048	3540	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://covid19.protected-forms.com/XSms0QWpheUJ4djdjK0YyZmh0Z3BhYlEyMG5BL3Y2QWZBS3p4ZTk5YmpqbE9TZ1ZFQ1lQN0NuYXk0bGxJaG5DY0plWmhjaWtYR3IwWDFpd2tSWjA0N3lGcFVHeFhrUjJibzFhR3lkK2lpVkgxMmEwcGUwRVRvZFFsYjhzeElnM2txMkVVbiszenUyZWZYNEVyS0Z1bEVSZkppNWNjZmQvUWszcHpCbVRYUDNFc2Y0T2lwRVpaMWRyay0tYVZKOE9sbUdZdnRpYmpUMS0tTmNVTy9SZUFZU0QvcjMzUzlEdHdBQT09?cid=2165611014
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda48ecc40,0x7ffda48ecc4c,0x7ffda48ecc58
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,1397446147493450234,14100549371432810646,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,1397446147493450234,14100549371432810646,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,1397446147493450234,14100549371432810646,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,1397446147493450234,14100549371432810646,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,1397446147493450234,14100549371432810646,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4508,i,1397446147493450234,14100549371432810646,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4916,i,1397446147493450234,14100549371432810646,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,1397446147493450234,14100549371432810646,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4164

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1212

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
aabe6331cf02b9b2f54a06450463bdd5

SHA1
331d0f9d3a1103bf81a4ea67ffd9c258a8524aee

SHA256
23e1f6b6c77a2e93e58c26c4187749d0cd328635707b62705e3f62200f57e428

SHA512
ebea8b3320c27018e6005e03bf2282d8dcfba23aacac6e6fafd2abb9582794df1da1f2f746fb0b3c822cc5928de253d15c7c3606328cc81384e358567f63ba7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9250d35770cb898b4ada203a99efe3fb

SHA1
bf25a24821eb93f9512715c336478aac93a80b19

SHA256
b3034296197679d094f54698fa861317ed80ce5b97d5098198beb4a5514b6a05

SHA512
2ae635b508bf53f071f603388aa331adfe93757d9c70f4e4aeb9340b27497f8442a5d39056528e500becd9de63664044e9380ec1b9207644eb962222393736b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dd0f4d6dd28dc6fea65519ed62496c2c

SHA1
8ed38c938d3cb0f035e951be0bcf100ecf1700e8

SHA256
c36db72189c56a917c7bac2b894c7508de50a067004b2efd6ef36d179856178c

SHA512
5c502d4d74f193866c902907c92810f503d9cd5c319561d34cd86a6c40d94d01fab5249afd6174788c6a342107f8f861d37f0a0924abdfa08b5adda9f6175f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
111db19dc134e676c257a7c49ec08294

SHA1
d2b41bb850a1c21ec27ffca43936f7f18502b860

SHA256
4bb012b84c4a31ad02da60be22e22480d0073b8a4996f6e5beff4ae5066fd339

SHA512
495a77d31172d99a7c0de853a73fea42984935fd9143a5661762938ad19ff98d99cdd801c71990e25f2061e640ede0f725b4e14537498197d82516f595250f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96fe2070a5aeb73bc13207847acb2fab

SHA1
90cc4398c35f89a78292c61d402f17a844d21a14

SHA256
f50ea8a15b4f62e97b9f0df5b0eacab8218b7f80a7bcf67d616f7fcfb0b92928

SHA512
36587187ae2953b950d17965c3f5eae2d8c9e4fc20a8e5f67662fa657ec63d6152bc7a0fad35382f0b93fed5fc648cc96a7e4a5216a6c7cb60440d592138c3ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
989c0d7b4b17fe3d90816a23e091a58f

SHA1
2243d603c8583d126aabe4f467adc9a147017b62

SHA256
61c0b4386c7cdc0da5a4c95b16512f2b1255dd97ea71c357506db5892701fd9a

SHA512
0945f443865f5d670ab367e49cdc57bdd5bd4e4381ed5069c34ad04ec3fe421823bb667f38ef85fdd5819b0bd13711a5a92cefe1ae5eace782e36b9a1d18ad3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7d76eb0ab80fcef5645fe4e696f2609

SHA1
643b249f71f1006b02ec47511289bf20cc3f87d1

SHA256
3f4fa6d2d343dced98e0186e3c948a56102a914797533a9c6763c0bb6e7efd81

SHA512
3094cccf5221642189f0a0c18f8d0c02a83ada2224597cd1f9c91e173162be8c8568692940b5b2226fb7bdca9935bf45980cd9fcdfd80f34f380d8c5b697d9bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47a45dc77754f6f6edc3855f0a8ea604

SHA1
0ceef4831639a3a7c4df4a907353c444b6964829

SHA256
cb61bf9203a51b1d49946228673f8100cdde17c055f0e45479a01defe5c05cd2

SHA512
fbf818e7375d8c46d4ae07d9f7ca979d3e4548bfe675d908e5409fd5fa0f2c49937895c4132500ea5f2394886f0aa11f38dbd5aee5279a0dafc10c417fa0a02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1223ab6048debcab8b0833031c49307a

SHA1
fd5948d5bd56e71e7fab69b9b23e95902ad44faf

SHA256
a2d7a28db79f4161c08fe2767889913be98597f1b3af6864012f7fb6ceb4ff08

SHA512
0a505e9b1f9ddc0e42dd3ebfcc7bd4aeb438f5a20da984e77b4ba04e22b6c906a6ead2d6a33084ad8249202403f80baa7b69086afc828c9e6d666a164fa4e148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
695e8943bfb63a9158573cf3bb471b6e

SHA1
422f5abc9a22bd04232f8712d71f0880cacdbe52

SHA256
e78b28849cd3513a9bc2c98596c942e12df5845ec58acf2b6b1d914e26aa2a68

SHA512
3c0e1716b7f61f11dc90ea5a41d986b83d824752fba18cd29e69c37b15c8ed45557ac4a8f6c3dbb80386f7648913c2f5721521ef6c8316c970e609e97ae15356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be81ea6846ab402998cde45b9087b1ef

SHA1
9f6c9578f806a67f525bd0713535e9ecfa0acabd

SHA256
f992eb03becf105ed2147ff6792fcd7bd25d28c9ac6b8f18cd5c47da478d31e9

SHA512
8ec2e2098982b2747c057428484d49b05e17833b1075999d3b02ac055eeaf9b461eab5777c0a86f71ab5064924b5b7f376f6546e83aba87e1277d60851593a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c98e2f67afbe6d1bf3e81924c3336f9c

SHA1
18999beb525b6d4ba0cfa7b59cbf6fd7e21edb6a

SHA256
388bd362e55f73030644bc8fdf154474293ed6fbe00b87392867cbe70dcd11c1

SHA512
e33408f596626fed749c1dac4813c23c744d662442fc3508d598b677b88303a221501358aad8585c1988028fabe697ca249b22ca2db0379470014a6a77c697ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af1c1fec4740472e81c975fc3e3aca20

SHA1
dfd80eb323835ab20f12eef11aad437dc27981a4

SHA256
e2b81d816a63cb9b1221680b3a93ee118037bc1d3bb633f1a234586eb74e21ba

SHA512
6951f4bec1219eef76e7eec8b6aca433a204384d2c7d4ec8039b757b5c2a3d13ae1a929bb12806e09176641c5503e9bed4f667948564b04117bd792223164bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2120191128e04d293f8a137a56013f2f

SHA1
461322adbf77fdf791a5aa00bd56353237ab2138

SHA256
0ca7419745c91b55a02a62d60c7dd266b8b2f1d0e65f73fb05bdb6afe9441036

SHA512
21b9ee066cce3e0524e5bf91801707bd9cd1598e57f575ba8304850c07786aefd621b8e0df725fda9d988d9d023a82997fcaa1c1f575ec40b98fff0916efb728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
9029b9701ef7a23d01397e273dbeb192

SHA1
178ba2b4a807f3f617bfd1b5701a2500827a483d

SHA256
8f7a3fd7619e0f57740b28db3619179ed25e619609da074c2ef937260be003ed

SHA512
99849ae6f0b5c028ea09ce1aa0f9fa719cf0e939714e3bc3bacb3417436b744325a47d7d96329e2bee2e4995cc2cfb80485891f7f7e4fb36cb3c91301fae2be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
18b3657fe732f1d3aa8e473ce2b4b4db

SHA1
71b444bf38fa988bd994c126061f81cda83cc591

SHA256
74e27e6ae0e682e1e3ca4a84701736701151401a38355e5b0bd46986acc7878f

SHA512
aacdb176cfa395ec84eb322e53660861af51de7dbb2d311e86876d2a2de99f84dadb8325c9527ce7235bd03bfca32096f08b0367fa3630d6f67096ad63aeb22a

Download Submit