hxxps://1drv[.]ms/o/s!BB-70w6Qh7b2uwZKMqZ1BRZsT-6M?e=Um4V1O-0AESIwL0HMFgrxg&at=9

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2023 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/o/s!BB-70w6Qh7b2uwZKMqZ1BRZsT-6M?e=Um4V1O-0AESIwL0HMFgrxg&at=9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133232743371271971"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
3872	chrome.exe
3872	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 3820	4928	chrome.exe	85
PID 4928 wrote to memory of 3820	4928	chrome.exe	85
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 740	4928	chrome.exe	86
PID 4928 wrote to memory of 824	4928	chrome.exe	87
PID 4928 wrote to memory of 824	4928	chrome.exe	87
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88
PID 4928 wrote to memory of 3184	4928	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://1drv.ms/o/s!BB-70w6Qh7b2uwZKMqZ1BRZsT-6M?e=Um4V1O-0AESIwL0HMFgrxg&at=9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda7339758,0x7ffda7339768,0x7ffda7339778
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:2
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:8
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3212 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5452 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5200 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 --field-trial-handle=1828,i,8214787197605833471,8167471601251738988,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4636

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9b27d2f0-cdb0-4a55-a765-c516a8ee8bac.tmp

Filesize
15KB

MD5
ff2e101e6ea2041ab50233056e1b0f3d

SHA1
821baf91b619135d41bcd74cbce50755c1f2ec08

SHA256
d9f40b9e01add7c049adc5537eee49c583ddf2cc35cd203637c7c1a851c548ad

SHA512
67a2afb7668145090634fad4216f5ad38e178108c53b9ba9831a1c9378204f23fbcbf593f78e91f68e7079b8dbf96e404e0f73387411f7657bb8002fbfef6ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0faba3a92537b98ee157f0c66c866a1f

SHA1
b277f74070b557c951e2579c21fb5b82969f3fe6

SHA256
b4245aabf9e343fcf3c3a7c2f8b49467e508b934357e0053391be2dc1eb8f180

SHA512
8594fc22c052b9aaf1ff276e91179bf4ee99285c9c8fe170eb85c6319759019f5815310a7f4fe01b25d31c64e5c6ede0366de2c846cb8d3cf489fccbf426a1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0c2aa3e7-873d-4294-a786-0fd20d2a9ed3.tmp

Filesize
3KB

MD5
cdb94dad1c78eb70fa515f4f5aad6ef4

SHA1
dbbf5fbe80eb783ab57d6390778c406e3ef923a5

SHA256
4d5df2b4d3d36adf30c1ac13df2b1bde52682b30a60d6750ce29eb3e32f30b2e

SHA512
3adf5d3e1598741a43fbe605a6606488d2f0f45e0fe5a3d45f090453e294dcb27636a59955030f137b4ab2534269331783221b4fec15033dac843043d1a4ef48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0cbd0265-2219-49d1-8ac9-3746a443655c.tmp

Filesize
3KB

MD5
4f5a69bbddc52db3c645b4bc7d55bba9

SHA1
e0ad7eea5b893387b5f7cf8333d20dbc9bd6e8e2

SHA256
89379609d7e296a0b5bb1ebfc769f7fed0c5e8732f8b8379df6f440471b3d2f4

SHA512
0267ad5c30932ac4a1888eb0e4bf7e78010953d64b7e8096da3c16931da1412fc7be0046dab17bdcf64359b59cfe3435138c9bd69cc97ab2a1ab360babe859b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7d8eaf5297920f21306c1e09d0d58bf5

SHA1
fb7489a986aeeedfc5f4794a69f497e9b4fbdfe5

SHA256
83f1f1004c446223d7d6152fffc81647991d3b1eb33eb5a0ce2a6c9b989723db

SHA512
37b096a0379c7383656682db4fe1b54ec5e8adfb38b125ecbccceccf31402d36827d1062fc41e39c11ad4ad5284cf5a8d3ef7cdc43dad6b6999012cb42e1c307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f28c14d33f1a6977bd5d4b29cb8c4c66

SHA1
98b85f994a039afab04b08ede2d56d01b00bb597

SHA256
95e1b30d94587ebbdce308978a43b3a78895259a6b48e394722dceb0a96a446e

SHA512
b04d9971b0309567a2e218c27068e2fc22e500ac230cd46620d55acf65b2acfd84d36bf2192507b11ea2115ff7f1b899cd75a8c9037dd86ebeafb1ed52125b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cd154aaf946efaa93d820cb7f96f4abc

SHA1
921844e3f3d4989388e0a8728c0ecbc5c6a44e31

SHA256
43fae3909b4fdd01533ac1ef1255ec9ca1e70af259b8166016290303117c8250

SHA512
aca223ec22361b4a4323d6990ffa3885fc5f290f1e0addec3a25454914fdba7b21d3229fe97288f59325986e40d74c04e30454069b0f5f51088b147f4c0eef9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
75b3a1f95167486953a654631df8696a

SHA1
87b7e20e034ffebe80111ad86475dfc24b33d2b0

SHA256
68471ae58d6f6c0c403358d35ace93854ba7ed4500ff39485451efbc6819c7b8

SHA512
402fd5f1fc7d9a9c83a06a40405529e9195fc87a3d23d91706675863e1e74a929b1dfd361136a6482c8a7c892bf6f9fe163f4e10eed24d5eaf69b76a60a2f344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f377cbbaf0e162050473293799c6cd5c

SHA1
ce8dec49fd18f90f4ec2d4580b0e470062ca0cfe

SHA256
ffc8dba5903ed9fe6df8aeea74106e0077ce79764d503b927832fe649b459435

SHA512
a5f1e60dd8cf7f3f45427e53c05f03c4fb9c48b5b5c5b3192a10eb85e7d0a655aa939b43cdac766e6edc07b03c8a1456a7284332d199bfd5113d45c012b37eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8a450b22dababc9656502cae17998b66

SHA1
ba9938e36b6b9fb1cfafe815e555df4041709d26

SHA256
c3e02eea937bfb8f18a74d18eff9285a3ba9b4b44a9f8931b3527febc1282540

SHA512
a2df6072279c318b7a4efee84f85ac6843e4d566de1b3076b532cc101e06a11e0214b5d05ac74cde11a33a8bf965718e3bf72fa7a88b8d87cab60fd824422fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7bb9828143fbfab445f26b05435aa4d9

SHA1
765df342822e782b04466ef0a997ad3553f54650

SHA256
e6450cd5804c67750b78c80ede29d6ad71b10003b5783c71aa8cfd9d75efcb9f

SHA512
4bc72f7f88b5fb9baf3ef4a0d7dbada24c74c6b9d327591c0f94384ccd26a152f2ee3a7390bab8c185c232b40b7c5dd74473fbead64dc9b7ec31cc88371218b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
fd47bdb75fc8f769dd82d217dd551c06

SHA1
b29fe6a32c1ebf932c6525caa1fbcc447c127f69

SHA256
760c44966d47218536506c9a5cac800c3794c8d86ba07a027ee48f823f9ff9bd

SHA512
3395804ea477d340dc7de28bad972f3b9372e44b104d3928af276fc8d9643cd9556a01365d20aa60f4fabd85d260a45d2b91f95bcf3337824af13588789c8ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
56cc034f691e7f13f145847dbd3796e2

SHA1
d592079e94add1587719e18c446c922fb2877cdf

SHA256
0dbfb54ffc52779e96fce4ca35ceb228903975d337aa55cd8c0191c6bef7068e

SHA512
62765d5889c21e51c54f63df09cf7c7437256db1ed44dcbbf6e0427c9093c135e8efdfa9efbc421d3eecac6b303fe1c0871f41930cd114a5f95f16575b057c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
bbfed0a24d51ff6625dba8858b55110e

SHA1
676be13d3d60a730067475996e7f7f3d145a509c

SHA256
d7b659710e743661fd11442dd46d245e4fd4f9ffa3475209911c46c28aab1fb7

SHA512
c514becbdc49c182e22dfa239dd31d46cc26622d7f14da53c38ebbafe5f14edfaca2afef442254a0578fa93dcfedcbc8fd2c94b47c28e48a83510011ca787cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572ccd.TMP

Filesize
96KB

MD5
ba1d358dd6a36105765226b174c6cb25

SHA1
a9f65a47b69d6d56ddf72436af4a2720bfa16685

SHA256
4bd32a87cc01c37ef788ff283f4a9ce6461ead0bb84c835300334e5f19472991

SHA512
59ebe29efbfe1959e915907faa9d456454bf01842a35fc83e01cdd6c06221b59273df9235a576160a0feffba19c6cfa8e7a89d9db34f80c877b11daae42790d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit