hxxps://loot-link[.]com/s?76af7f1b

Analysis

max time kernel
149s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02-10-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://loot-link.com/s?76af7f1b

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723068205148711"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe
Token: SeShutdownPrivilege	4988	chrome.exe
Token: SeCreatePagefilePrivilege	4988	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe
4988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 1428	4988	chrome.exe	78
PID 4988 wrote to memory of 1428	4988	chrome.exe	78
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3316	4988	chrome.exe	79
PID 4988 wrote to memory of 3188	4988	chrome.exe	80
PID 4988 wrote to memory of 3188	4988	chrome.exe	80
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81
PID 4988 wrote to memory of 1500	4988	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://loot-link.com/s?76af7f1b
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadf42cc40,0x7ffadf42cc4c,0x7ffadf42cc58
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,15676758510168100810,18297974677297435559,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,15676758510168100810,18297974677297435559,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,15676758510168100810,18297974677297435559,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2116 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,15676758510168100810,18297974677297435559,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,15676758510168100810,18297974677297435559,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4524,i,15676758510168100810,18297974677297435559,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3668,i,15676758510168100810,18297974677297435559,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=976,i,15676758510168100810,18297974677297435559,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  PID:1008

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f7ade43dd0f2b39855de94f079d712c8

SHA1
2b7078487d6103bccb92059c0613ffe0006e3fe9

SHA256
f235e48b4358d99b1561635b6ef09503efa3b6e3210786cb0d944652f12dccaf

SHA512
5e416b10ee785f2e378ecf1f1196328b56d70764e841a68119ea592d5205dddcf0be9cb9f52e80489bc8ac620ac32d479d07e2f7f234550f9ff7a43f0ce7d3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e7aef87401cac81de8edeb71622d74b5

SHA1
0d904878818d096559d40f4c902754cc170c4ff8

SHA256
2dc8abf0e89d6273f829cb3010835bbe76e279ab2ae8bb45bc221e4ecb49010d

SHA512
21b89fb72c936635ef2ba78cac93a2dea22460acce410a9fe0803a996505660c8c6b6689eea11f3c79d475f9f65fdf0a122a7c98f899e73d54cca50489af8eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
35KB

MD5
eb42fab220ee0bb799e3041f27685f10

SHA1
0e63ed156308a7182805ef5a9f4ad7749a389734

SHA256
6cd59cf0c52de671413de9a306b2fe80087bd59d93dd648b887d7e360656e999

SHA512
018037ebe028fbafe6eb6959116f20811a5d6db379413f057a27979b6fc74cadbdd54be93e967349b90ed808fe9b027f775d38aceb0e3924377a78d09aefbdd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
aff7b88311d2f5e4d55c9625ac643640

SHA1
cbd8ecf198a1fce09f9027b2e598069527c1962d

SHA256
25699c237fa0facbb44121acb2a33e7856423ab1f15b2f1488fcb98e023d1913

SHA512
3f5c19b38a36430dfd97e1af185f25bb687eb38bc3d45dcf8b5d91a8bfc9b8f638199185fb3f5815c3a6b09b2bf42baaac5ad2f7977bbb7dc64aa3f4d9592553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bffcc174700870bedc19ec7e4d505e2e

SHA1
99d88976a23466436a6246d88e6a1306148970ff

SHA256
dbeb2960a9e70e2319b4d7e583e435c024af31acc160565f0df32cb31593cf0d

SHA512
9e6d177af95899afaf074bacb1c8136675b8f73bdfb5b71afa4ad40fda0143e24d10d561f1f35d36d36bbac5b5beedddc2b449a63b02f356eb49ac76572a1464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4ed4598fcbfd38ed641d0ece225baea3

SHA1
00bb60b486e01c06f4741bd39d076b5af3bcf9cb

SHA256
1e916aa9f8d3fade6ea0e72db6da4499a1b4952b37ce93580824a0eb995fffe1

SHA512
ce00c689441a2b4f6bdbd9cfa8e6f2bb260689fbe3c45e76f5aa4b4634f2f0ccb96d344f411f9c9ad7ce7b6116da6f7ed016e8db786f70a5ffb741d9385fd88c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
cfa72f90b45447dd023da6cd0dcab9d3

SHA1
ee19166d3199075dda97d4c24a9e7fde9a9b34c5

SHA256
db62e31cbb38bae384f6f64f752be5390bbda53d8c07d2bbec5b6f7c071cc566

SHA512
e826018539f9d0447b1336b586e828b8c6d721ee2da3d8d8a830879ff4ea6aaaa013fea07da8978f4bef7da4eda47ecd0a7f7c6450c17413aa97ad5116ba1f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
a0e5de3cd47b554900157174aaa09169

SHA1
bd8bfc2d44f2082b19db5ae168a6c70b80292c62

SHA256
8d86aea747e193a81154d6e005ec2533b5f99c7185d3e216d4d6bfffd25591e7

SHA512
255ca7a29e62137b98753a511aae7e2cf02060a00ff99a2617f4bd23b30d9080eb92a7ac8c84e41cdc9c0cd0654094c0332392e8cce0f4cd08fd8ef1ff7c28ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
be30506dc9d1ccb8a8afab7b83061e5c

SHA1
ed057f3107d3b8a914480b05c1273b2c5d34f8aa

SHA256
8192392feaca37269748d93bfe6455e99b61da100337ca9a826a1ce6b10fa346

SHA512
0a654042baf1bb22e0be96426625da4b1b9af07f9083fb9a53fc41cc1b99628c1876652044e52a8dcca5b1ad3a4bc175cb3f847c08ec82e5de15b00e9968a0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e534afa12859235860969c1f0d78d89

SHA1
cd56ea98b0c56c3eed8e3cb506556ee37d4a7eb4

SHA256
05b862286725d16b014f152e5fd889c29413c4c567bf2cab541f1a53da9f74fe

SHA512
f15f26f9b680494486fe872a63fb4851b83462833d4675b50296ef524b71fe5fd484e2a39ce1f6e8e2e4e839766cb9bac2561490f3a4a18c08d7e68147650e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bee35d458574b51ffdcf8972390e5b1c

SHA1
b2c07674542a3b8c0a573bc4b96d78aa7515b188

SHA256
cdc0c97c894fae6d5b1332cf227fa22b0a4bfdce33d95bc2e390df9ae5025886

SHA512
3a135fff4a4706fdf1d0832e70f22277ebe729c2582334525689b7bbd80e89ec19f124598bd4676f43ec994f4bae67e6932c34451fbf0464bf2b404d8ab98321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52bf2041c70b94dbb028ecf429d0ed8a

SHA1
1a70e16f064156c770f44af6650c77a803910d0f

SHA256
43150b699b3003070d8d3c85b2b8db2fae3821fb2a45ec0bd6451ac0cbb0024e

SHA512
a65494299e542031651738c7957969f1facb21973bdd97ee0b76c163319b96c9afdecc4d041c80bcb7cb9bbe78deb14661dc84b1df9fb6e0f7b1cfc54cca6a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
292e9dd20fba783c0f34bab96191ae58

SHA1
b2c1c750674dbf961263b80af881def395daa4fb

SHA256
74d66405fa1a838453c144cf89ce2a529a4a677ca2f268c983c37acd70061fcc

SHA512
a19ed0287df98b1e82a8a5408ca1b11ac0a14401bb9a6c79f8033dace3e4908fb29bc3314c087e63bb4eb5bcf0a10ddcf42661c73cf9a552ea9013c26764325f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
434e8036b9b8ec2b83fe399f98902ab0

SHA1
8b559f294a451ab48375dc7063160a7ccac39a2c

SHA256
9ea807660166d12b49df520c46a0587c906733d8dd495e388c4e8e7883df744d

SHA512
9986d6d3bef6c7bb8dfe4bf197413e5e450171e0a75938dcb458b7b4646ef09c972c39142d4903a927523bc895625a5cdefbfb54e66af3c0a4f88080dcfb582e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5fb5ad7f26adc04dba112d4e8a3012aa

SHA1
7cb64dcaf58ee9a36f4653d1fdd510b7284fb1bd

SHA256
a8c2b45a8d784e4bb80b7ad4191929133eb3470257939f576ad5689dd8b288f2

SHA512
b2c92ed37f3deb5c8c813e4968927b428390767bedcd0c69381cd1920dacd6f0f5379f3cead309d22ac6c9fc2eb18d640d31d513e1bb79a9ea35fb4c9c037b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4e2ecc7094f07ad82808d7d7e99377b

SHA1
cc671db22c0988ba1438e2ee0faae5f00e8514b2

SHA256
0181d5fb7a74eb14e29b3391a7c47e7345861074a85d3e73004b1287d5550359

SHA512
4e4ec4cc222beaf79bc0b6ed0ae4e2cc1ac4694c8a97f41310c660627954444518c51600f7afbd874ec7dcfc4096a0c831796d0fb17551b06e480a21b6df5bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9db9803bed41fa434d0464a824a4f4c5

SHA1
8d5a5f852b4a6f52e8ca595e7ec3ba31780e8a02

SHA256
f37238746870c2b5b48fcd3142baafc852a97cd6c9e095d0dc8c048257a71b0e

SHA512
8900a43f4ef9adf050f68a0e846fed6bb4967eb43a8f18a48c4c16d948c70d5817b1ae7ef92f10741700fc46dd7f083796448849f419d4b1d0cb38b43d51fd38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c4e15e6500ebdf78e50d60e8a3a9a0d1

SHA1
e3779dd84482a8a98027f28c1538d2da45fe9723

SHA256
d5e7dc451eabf5f70631480b5a4d00fe5f3b5f01dfcd8edb0a160ba6bc90e302

SHA512
a9dc282cd2f8317021a5b5a00e946d5871bae9478fc58e09f2f35caed9232d8b4db9752665550e11452e5344b267839f74af400741781b143c4cfc1c1af065fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
524235da534239867cb89450c357299d

SHA1
a566ce98ab7f2a01b34dce7521978a6fd368030d

SHA256
bd33356c85509b6261fc4d087afbae9968fef4b87800d380c228fd76ded8836a

SHA512
e9db03e47c72159fe00c5324595bda8c529277836d7ba15a4b67bb3be11188ef58f23fa8bc9499fa4fcd3b2a1c0f9de013d9f9e724fe7b90118c117598f72b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
dfe6b2a051ede8891e1fca02abad70fb

SHA1
129117dd3778660f9db7c31be3ff6a9b14d75833

SHA256
f903186220c60b0a71c6e70e7969b3110ce442a2b5a467f995e56d571926b901

SHA512
fb376683abbb8ee1d31cdd8c7d6b47294b7fa232b6201f264738d64165b8d11dfc7b20beb03013447d6822c8d6a9c8384aae2b2857f371476b12181b18d0d657

Download Submit