hxxps://1drv[.]ms/o/s!BKg75TF6wZtKhFiue6vjC8QJVAeS?e=KJcu-4kHokWovFxJf10lFw&at=9

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2023, 16:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/o/s!BKg75TF6wZtKhFiue6vjC8QJVAeS?e=KJcu-4kHokWovFxJf10lFw&at=9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240658400982333"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
1284	chrome.exe
1284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe
Token: SeShutdownPrivilege	4388	chrome.exe
Token: SeCreatePagefilePrivilege	4388	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe
4388	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 2264	4388	chrome.exe	86
PID 4388 wrote to memory of 2264	4388	chrome.exe	86
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3720	4388	chrome.exe	87
PID 4388 wrote to memory of 3692	4388	chrome.exe	88
PID 4388 wrote to memory of 3692	4388	chrome.exe	88
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89
PID 4388 wrote to memory of 4340	4388	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://1drv.ms/o/s!BKg75TF6wZtKhFiue6vjC8QJVAeS?e=KJcu-4kHokWovFxJf10lFw&at=9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff866019758,0x7ff866019768,0x7ff866019778
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1256 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3912 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5288 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5552 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5204 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=752 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 --field-trial-handle=1796,i,13388217767975217834,8187108009530122575,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3824

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
69c7d5b5fb09482fcfefc88342ea2dd8

SHA1
44d01eda8ee2837c8f8e5b01bfd40fe654c3fd63

SHA256
b9af0e878523ea398965f5769201485d26d489db080d3261ca57c8525b5e3e88

SHA512
2b15caeddaab50e62c9cd49d6dfdcf0fa31c9ab27a16c52b6da6e95ea6c56ad25d1b9be265d042642314d07c00f0acb315edd9d82b8ea87d9d0955b8cbe11cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9f328824e3f352f057456cdec7d09d6d

SHA1
7f463baf11fe00f9eaa42a1a3d8bd8889869dc8f

SHA256
fff06f19b818b7d4d26ee0dc2beca283ed140922d90049e186d72f9f13228019

SHA512
23e7bf3ed3ca27951aefa06c4682e858d1318dd22bb49b1e5652af56d133efa9d4ebf6d56cd1c9ba3102baae1b8cc7c68c26c277f56f55df27ff03ac6a78df4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
64ba99b3fd17c8a79707c7987e6ce543

SHA1
c81aa0f08bffe6eb914b439ce73f4e7481017440

SHA256
75f7096991260ca246dc94d5a69442b40f79f061c3516864d69c9f9935ea6e86

SHA512
481f200795b129fb7d8c5f157ba98b56b12e7a0cbf75e07d4d56adf0e57315b81db07199db34a67d5f9c229cb9954c3b8ba6ade8b54cf4979f853f2eb1034198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
87c484401eb75602fb59d3709e839da0

SHA1
2e9f9480f5065de5350b26475a702496aab59131

SHA256
339696dd6b55241f50a172acde1dbc9b2647d5a1144f9b78f3e712736dbd7f64

SHA512
59186ed82b447d2a62ebdb89add55576de2620c031aa26af8a80245ed7e288fae0da37572819d2c6205754847d5fe3899400dbd6612eb0839766136b1619248a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fdbb891c604dc998bc6348d25792a6a7

SHA1
5ed82716989e03cb0953b4d871a9baa67757b6f3

SHA256
dee4546dc380579b6c10dcddc19846b43fb149cf9dd2bc9a6b0785f13b1b6f56

SHA512
5f85c2ff888521a8f6e5e2de227e9b2a2f4803ec1e8d6d4c16f20d1f2b782754d63f3e75bbb32f055ff3b32c49d69f554055569f8ce752f3487599930af42748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a89349fcb5851ad7f11542c8ddffc1e9

SHA1
91d06c77797a061d7c90e5feb9692f784b414998

SHA256
a09e4b274525ec09863f099c043814ecf91f3fdc1d8964e525a67a9c265d3562

SHA512
532adba9eb5ffa5dbc42f57f651bc5cdea1ba09ce5ba1b086f0483469579e84b6483acdfe6faa4bf0fb4335c26809748d1b802bdbd5dbe477ca6b09fa3e647df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ffdd1653984cee70fded589f38711cc8

SHA1
a89a01d48172b6f5ca074b2cbb81cfbf372d9460

SHA256
0206c41ad8afc8a8463c8aee5f68514df21b80af73ea9da3a7e8b2ef56582c08

SHA512
eb5bd46c0baa195004337bb3ebb7e711b8daf2da2054b74286c59312a8200ddf3ac30587e67331231e74df9f527158f60fa156f61e9a1cf2e015540638a8bd21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5f5843590055619879d94a7019bc11c5

SHA1
a05b7ca50834218db7b1a175029bf033e3a6426b

SHA256
e876aedc3a3d64a11e891d82992232fac3776ca6b4c7782ca1d83554c28448cc

SHA512
6f2dd78c15e837a2ba43a5c8cee4e02a8d2606ffe471c3a945aa085f25a89376d0ded0202c161a42276e3d8f17c38cdc249dbba7f3c17a18a45d4bf7a7b47797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4bea819bf1f8b5d45026ea2bc1e7c378

SHA1
4bf14ec8aec6da04b4900b86559f04abf655cfda

SHA256
dcb6ec7ab6cfa97d7543f00c4a3e848e607b5dae146c2dfd4a04bc6300db9b24

SHA512
4e906f5bd57553c2e072684240fc2c2738422135befe46540c22463cd7601a70463cc9d9cfdc14e44dfac63b95b0686fa9a4da2b1dec81d99db16d3a1cc6a6bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5b074c1b35851c71a873e3fc218c7b2f

SHA1
35df9744e26f7ade700688a1571f24a82d7b6c89

SHA256
0d405713a8f8cd525fcdd16cb330f5061a4fb066b417885108e8c1a9f778d9a5

SHA512
a8bfc7ef9c9909c95ef9c64422a1fd5301eb2dacd9fc00c484e2bc2590ace0742fb213ba593a115df580e0ab348c9baef1fdc009c4beb167c1cd175bb79dfd5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15660ebef803bd02ab130d58c68fc883

SHA1
0a7f1ac868939b787173dcca0e0c5a43f0e57857

SHA256
280b97a8c41b7f4debd08d058f786df9b897031e622fa053eed32e96ae367efd

SHA512
821b5621c0f2bebcfebc71a3cb785f63766bbec528389df6fdf08d245dab9386c7c03d351af4b8501cceb3a54504b41ecfab72cd71da343aad40f89b8376f1e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6348f715653b2d0dc489cd3424ab7879

SHA1
2a4252890b3ea524842da63620797ef05acb65a0

SHA256
7ce062e8c5ab1699d9e64d9b4fd4384772066f58c6fbf4abab1e5dbfa927f7c9

SHA512
cf53750f4793dfdc070775ec7fea2c2cf7fcbaa0253e1c1f365cd7265b64dbe6d7bb45c9d91597a0dd639b5139c078d6dcac3b2b5a9ea58c137e659d353c8f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
315c92df5255e1a57971ad2056071253

SHA1
40b915cf1fc525669372355920d0f1635381a39e

SHA256
5f8209ad4295268850f9a1c955db118fd457958bc51b53ff04901a0fc4e13771

SHA512
e57a5299262847a7c464a9756452435e40419de6cab8d4ace87761afa0f59a80d23df1183a284365634fcd24cb39d5fc0b3fbeba0b03cf8f3c4a3c96abfbf83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
72ccd171cb8be08db9eca9a8b73abb42

SHA1
c0d2dcd724402ba8fb6f8a4415cd30e2eba5337c

SHA256
7b3cf9de3c580a0e3e68f41103f1813a272bf577cb6ebba6b6b58cdeec392ade

SHA512
0d4909ac591cda0869db43161445bf6eb0834aaf31866ca62111b75d165ba27225b6575ab342d17973f514b61a5ca1fc8b8a472b697b1ca998132bcc34858c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
716d9fe2f65a93959555550019d3f3dc

SHA1
11a6036748264bbea3041490f3bfb3fbd6d55bb1

SHA256
f5baf4541c29f08964dd2577715d57874676948fc8266771fedbb11ed34a6bc1

SHA512
dc8b9c119bc67647366628b4df605bb56e36c74617b0d6919b934fc93f948d5c1c4e7489dd6b06f0d7429a79c40331e68c8fe3feac7961f2b02aea42d5d1656b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
efe7f503e95678a22f55ba5dafcf132a

SHA1
f048932cbe15abcf57ee44ea64704edddd0380d1

SHA256
a88c9a8a2eb1989d98fccc9c5caaa250459241a383914bb630147a303023b9b1

SHA512
1ede8e6ae446cbc2f3f0bd1e690e2e4248ea6550e6d5327ab7422c2a63811498fc8207f52452f18286744fae33b731ce5fb1842f827f409abd3ef68c552451b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572877.TMP

Filesize
97KB

MD5
d562dbbda6a5b79a17593ca5901e6194

SHA1
71a70c14f3a9b0d279f6bb4e2e80ebb1f764e92a

SHA256
a7e70d7da358d971d389d1dd6cd8dc537e942e5a1f7288b999a1a4b318c8dd6c

SHA512
dcee49fcb1ea681a53049624c9a967efcff403a075d07535b7df3398dfc3b76647fb98072dffb872c5c9f62d62aaf5b2baec85c00a8595758e902072cbf027a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit