hxxp://ctcinspire[.]org

Resubmissions

09/10/2024, 22:17

241009-17vwcszdlb 4

09/10/2024, 21:04

241009-zwwg3syckb 4

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/10/2024, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ctcinspire.org

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729814993502825"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 2876	4732	chrome.exe	80
PID 4732 wrote to memory of 2876	4732	chrome.exe	80
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 1776	4732	chrome.exe	82
PID 4732 wrote to memory of 2500	4732	chrome.exe	83
PID 4732 wrote to memory of 2500	4732	chrome.exe	83
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84
PID 4732 wrote to memory of 2016	4732	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://ctcinspire.org
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffb78fdcc40,0x7ffb78fdcc4c,0x7ffb78fdcc58
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2096,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2992,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3040 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2996,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4584,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3216,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3712,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4884,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5280,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5380,i,82840856552307741,16870577505418051967,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
87b8f37b04c69dd5306ab5be11330e8d

SHA1
2301e8ce5e6289cb9e021d0bda3586c4013b5181

SHA256
d9811a0aa1615a6625461154d9d241cdd42186103c652316e5a99d3009c20ada

SHA512
821f8c320279d5fe17a738d5e4df7eae7ba35618fa5807475dfc47bbea9e0f8c8fb96d9fa2e5bd0bbe14201513ccf593cf6e017241f9a473bc50cb17e5b0dad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5eb0b3925bd2b60e31f8ecc9003717d4

SHA1
3d91b283ae6caaec5756a5578bcaa6e32886660a

SHA256
8830c317b976a2f1f8951d1b72187cfd8248b52c1ee3beb51d1ac56e149cd5b1

SHA512
eafb82d576aaff31cfc905a25b680216484d05ff41d5e04d34b29a39189acc1a4ce632a9975c53d7496a28897e352c488d4248f8106521042b608c940d286f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1022B

MD5
ae7a2f1fe36897afca7813692734cac8

SHA1
327bb948e4b3d7caade5822f098c7c8432a4fccf

SHA256
f9092122f949965fe31b632ae4aaa1e51e295fd2b3aed2e5fc20ecdc94a7b26b

SHA512
e3539f774459432c9180d1cd289c555faa6ac857c0fb1e0a24a46ea2126950aa2b56d48dfdbdd68e4eb6fbcf889910b2539a10155d86662b9d2946e0b7e3c7d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1022B

MD5
88f8ff64d5e03ed1bca3ad666c2e2dd8

SHA1
7e8150438ddec33e5d6a87bb1ac1e597420daa9c

SHA256
da779a279acb57ff99cde37cd5021c0ad22b934b23bc629e9a266e67396566db

SHA512
cfa70e163f15e94a7063b3c107cbdab1f8df68302829d0b17d2eadb5037e8e1c7848d5d6569f695183c1c217e65318dc8fbca4172905f8255399b7a742f52c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3bb03abfd1c047764af1ebb1bf799e4a

SHA1
06925f88a63a520cc96622b43caf4e08185690c0

SHA256
0ecfc09df82b0e6b89701c7f15ea1659fff9c020db7d1c1364b7fb71356b6287

SHA512
54a28fef94d4c5648871e1dbc2908f94c2e04a29231924d4c040dc7ef621e90aa5f7f8fbf63f753b072965ecef20574ff90f18f5ff1802b66b16e1d374e3a711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c73eac50a6d5698cee76793b3337d7c0

SHA1
466d698a6f1138cafa4c0ab374d229811dc7a6b5

SHA256
3b8dd49295a48961bb73c760b909723e652543bca08ba45a6e5119f9b7f392b8

SHA512
c026c51a6cd1db1ffe3d9c01af18f10cb8c097667f3ef15bec24a0f9c8a58159a9a20d20e94f45a412d25888fbf71995ac576f0c4d249e147ff694ebe3be6eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4d1997aac1f7acdd17bb6a097ee1da4

SHA1
684162a80356cfd6e42b4c191cf0f1f3c1db5805

SHA256
3bc4d8eef4454139d2f15ef7ac2507cff09c12e4873c7e1ca99a5ee9af14b136

SHA512
e45f016c470343b1f4befa6d2c2b8a1442748a4c9f909e2143aa7dba17e4e52538c68d80698f319856aab6cb48abedebbf1f9da11df31e4c07f116b72192fc52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9b3efe98dded2aa32914adc97caaead

SHA1
2d2854f6a4a9631984570736233e2caec81c9bbd

SHA256
004c2a1559943b89c5ecfda5aaf784660b29ebbb67fbd2a437937289a08ea386

SHA512
615fdf7c463ec5aa1cd4f31ef857716262a3fcf4d5ad5cd59c0a25dfcfb594989c6a554191e23f08c9b8d6be7a6ae6f78c41d8d9f5c9d0c75a5f4701be4f6943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
884976b85d6dd009f913707574904ae3

SHA1
d36b891b55726c89f63fc6aae4402a149263222b

SHA256
d5ad3575b01d73d955e42a3412e0e35ae4307874514a2819e4bc84675402621f

SHA512
c0fdd80c1e7e876beeafc86f131170a23787b4113c9782683927058a9d723d089f219d0aaab98bd1dd099039c8a7fed4f2efc53386411310fdae4bad2941f95c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eee0009713f8a732ef2943acfa55f112

SHA1
2031c8387ce3970dd0f4790d4d70d6164e9a41fc

SHA256
8e1870300f3a183e057316037b716d1f0fb0f558bb102750ef46a1622c5b949e

SHA512
1c6831c72cf52451011163ed1384312b17ccb05e6eca39be2e5f7cbbb1185e3b5da1c91bb933069eb153667474531f9957ea48e764a9a55d2966c6de232e50d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d9db0ae1f2086a75073a6770c9d2744

SHA1
de826226790f7a1b95717832fe6f09206b5d59ec

SHA256
715899341d68600865dd11c7e92b4be4f0ddb017e535baa2a0f0f5037cd95036

SHA512
20348f84dcc5a6d9f94bc1bb22bb0024ef2713984ce63f53612e19fd33e6800e9739031808ef0216688ea90ee6c769d643ec97a4acf7f23069bf53c4f16090fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
92ba36ef3590b06cb5900bd5ab6e7034

SHA1
49505d350b8a7e08c5405bc879b172732037abe8

SHA256
d6c2b1af64cc0a6f1069784695b2b8b27da36083b74a78fb212c6946fcf197a3

SHA512
78d54af9a158a773d7a9adac8b0c9bdefc9e9cbd99ef09b71e9ca86b9b8ddf10e037e4c8d9a000be195acb824b2a4f87019c21a87526155f1d82b173bff04c77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2517f18cfcd2645e66786c35cea533e7

SHA1
6351e8fa3badedfb89d76a3cf08b247e96bb3d04

SHA256
e31e029b9c63706445e7f08614c381493490a7c1fd84b8a0a30394b47fd4e3ff

SHA512
360356d4ab7cec124857bba6a6f11aeec13981f4a3d3172baea32abf8ad36f9947ee04b274cff800c71790de1db69950c85bb34a533f8e06f03b0b474d159e12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3dc80a7104fee645a85eaa60fb90029e

SHA1
0d9438b95d1266e8bd5bf2069b04f27b45b1b993

SHA256
4e6d8799d1e7953026996f24704b9e2047c984865c39786eeca4d6c7f56e9d98

SHA512
7730e5536f02609e4b2b70bc53772a3b9f99131117ac8b2ebc699d7e3ceb803f11b04a424496778ad049b47109c860cf19c88c9afbadba7670bdf255ecbbf2e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
aab9f3f8e180aff1059dbbbac33542b9

SHA1
27cbf5e06a02271b8a172243b2ceb17fb0c26006

SHA256
b7078483da9c6ef05b111069db7ab7f6f512d47c5e6cf05b535e31eb322b6f9c

SHA512
6c41fba9bde8dc3d4e7fdde01eb577f3351b2a8a956770c615f3cf827e5da765e9685455123d26f77172aef9059c040ba592577a17d818c7b5571492036b0054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
88a52d583a8e4a37a7ec557f183e33ec

SHA1
a52da6e9f67a9ff6d7ba2ed0ba881db0ae12da6c

SHA256
879fa3eee40f4cd798134daaf2c52cbab9a65b4f3a0c005d61e69f7560e928d0

SHA512
71833c3c0f62b38ac9305a5879b926977d46e9a4ff01f5613d55892f21e7ff9e2986498d77eb5da3d73c408cbbdf69b8a9004bf27b9249baa6ccfe94671a45b9

Download Submit