1e60513b4ee71a15d21c32ca13e163733eaff9a7dadf2eb989320548a4c13b78

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZoraraUI.exe.WebView2/EBWebView/AutoLaunchProtocolsComponent/1.0.0.8/protocols.json
Size

3KB
MD5

6bbb18bb210b0af189f5d76a65f7ad80
SHA1

87b804075e78af64293611a637504273fadfe718
SHA256

01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA512

4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133724823295756346"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2400	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2400	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 764	2176	chrome.exe	97
PID 2176 wrote to memory of 764	2176	chrome.exe	97
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2304	2176	chrome.exe	98
PID 2176 wrote to memory of 2524	2176	chrome.exe	99
PID 2176 wrote to memory of 2524	2176	chrome.exe	99
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100
PID 2176 wrote to memory of 1452	2176	chrome.exe	100

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ZoraraUI.exe.WebView2\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
1⤵
- Modifies registry class
PID:4912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9c41acc40,0x7ff9c41acc4c,0x7ff9c41acc58
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2012,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3896,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5188,i,7192784178059642559,12251421967961674415,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2980

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d7e4a522e8afc125e92669b61c86be46

SHA1
7c17b08a0898166d38260c46f8f0366c3a3f3f8d

SHA256
3ad37baedc84ecaef38eba0e30e857b3170e8d806bc413c83e48ae2ac9fcd3d4

SHA512
5b58ccbbfda96b25f7ded903db213be7d4abc63af92cb7db4c787c7bba4ce1ec17cd28ec374e441448a381792a93260a03b05873865b58511b2c91055d4551db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
003498795d5da0f2c13f55c1423e19f8

SHA1
205f438da640c6b345c7cea2f1639cd5a3dce939

SHA256
c1e348309352cad1328eaff140cb81c522a47f273bab3313433692203ad77db4

SHA512
f04c99139080070915180f51d8efb1a8d9fec5f335ddd1f71dcea762cd65a4a41bab5a20da975e7ea89070cd8ead5edc40f40d6c6ec2bbf9395524e70d01b924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b0350b29c9a4690193b1c2c5bb891669

SHA1
b47a6463b3fa83d37c8eccdd1490e3c9db8ee534

SHA256
95991147429df48209de755e2297b24baf5c5be8e069c46662ee77db9025affd

SHA512
3d6556cce1ec556990c72136856a4af88009b690e0489bee40992943900c28b606cb50464acf96639ecb6dcdf5d73aa6c9fc2d963b8f7d0f43d0d4e67aa1d657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c764a23b23bff8dda3a6f5382bc68da4

SHA1
11995ed4f14120840deb25b0893862b58fe54696

SHA256
cf9d34f4302b77e60bae982a6dfc003ed38b5f780ed8450ac7feb107aca27b55

SHA512
c0def3a5636be3c287e0ab17e1d07a7e6c14ee57cb843adf7ce4904ece3650252a88c1e0ff609952df532a1a1d064caad9dc5deab8637290af6f3527bd66c4b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ac0822d3af92a632c4e0d505ed43c126

SHA1
0ff81e36fef31194d95dc8d197d45670df913cef

SHA256
f29b9a9635f8add45a2746fadad03cd5d41da942fe2a822e184fea133255223f

SHA512
a166069e9abdda3ef563bd5dcd3b2c2f912eb56ca27f74d89e63e16acd602e20878eae8c6417a3a7a9679ad24f0abdbaeb4d37d5fe472b594f69e1f601547c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e36ebdef1d4ee900e448095597b0907

SHA1
92d43a64f42e53dbc2380daf6dda77aeacac2814

SHA256
c69c2e33b7a5694f07806a19b174ceb890ebe4e174d5a1ecffa95f936498e1ea

SHA512
b1fc3bd1cd676b49403740c88b651b7b3564dd7e92b2fef5bdce61efa03c1a1300ce264bdcfbc26611347b87659045a7ecf8fd1c018b0ccd9b1a082cd2bb2095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ffdf148d18b2bf0a7f06f59c210ed8b5

SHA1
5c4affefaa8cadfd3c8b5c5afce749c4b57451ec

SHA256
c3559cb13ed46509b77ad2a357c7a3fb6581b95fbeed3a50289a096fdff9702a

SHA512
2e0045f8d896ae605500cf423fd5bf446cd642191eee7a37c8b077da133d7d0661a3d4a6ec0516e734d265d16627c66c90ca53dd00d7601fa024c77cda6b5530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
878f2f2ed615dc00d5a08858339f7e26

SHA1
29c46ca7c91f13bd0f58d47cf61da93ad4791798

SHA256
0d9c125d13ce8f4b2371a58e52c1a8eab6bf7b6b7e20999497bbc56b72802789

SHA512
a476f2a48c050a6516bcf702f7f1eb80a1d24714e03cc16c6bec5829ab5bdf768e1cc9e5a51fafbaf83559f521d4bcf9d7b0f0de094f8585c05d977fa41f19e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
57f65df870947b789e8513cc4e59939e

SHA1
1176c517f238ab330379c00a005c5cd048b0a378

SHA256
0b4bfbbb9aa8882c510767cf0a36dc34799b88e72c4214815d99cf7480ef76c7

SHA512
9e481a7d2292e64bb0cb80131ec22c295b4745a4cf37cc0a306ba5eec086f15863a8f2c0c69ee3f49e204632657d1449d6cd4322d143d3b4990776be681c32f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
1fd86def16fe61c5b676ef7af37b6962

SHA1
df92eaf327e6f9f51d76d842892c7ce38fe24f11

SHA256
35d8f5f6d013d090c26e2e5a142fd6a286997e68343049197916c80b5d2ec878

SHA512
4a6f0ee58233dfee5dd4a92a663eb52f3bbeee8de77b350da53aeade2ffc143d30baea2083ca9e8e4ef45bde517c86dd8675af717ed16776ec548c784e6c3c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
54724b2e99dca4ddc31f6c4adb15b482

SHA1
31d7d160750c8806f87f9a38dad5ec04476d7c77

SHA256
5b0b486058ef10a4b6582039ffdc1fc54b9f145c583cdb290c4db90bc46826d5

SHA512
f871afbfa0b57f7df739df932c04ac694b6dfa28326c2f4d12ce647181cd83bc0295003b921d254b5ae1167c0b6dc746a1118c4d7740b9da6ecb6c7e3aa73699

Download Submit