hxxps://docsend[.]com/view/zci5x2d4tefa4n6v

Analysis

max time kernel
599s
max time network
569s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2023, 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://docsend.com/view/zci5x2d4tefa4n6v

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262581973286492"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
1344	chrome.exe
1344	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe
Token: SeShutdownPrivilege	2176	chrome.exe
Token: SeCreatePagefilePrivilege	2176	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe
2176	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2348	2176	chrome.exe	84
PID 2176 wrote to memory of 2348	2176	chrome.exe	84
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 4552	2176	chrome.exe	85
PID 2176 wrote to memory of 2780	2176	chrome.exe	86
PID 2176 wrote to memory of 2780	2176	chrome.exe	86
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87
PID 2176 wrote to memory of 328	2176	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://docsend.com/view/zci5x2d4tefa4n6v
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffc4f769758,0x7ffc4f769768,0x7ffc4f769778
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:8
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=932 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5384 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 --field-trial-handle=1844,i,9692624609054593350,1171944936622798735,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d76eb29d1d7f5c030fe7f8f9e6004cb2

SHA1
feceef2a68fc10aa51dfe77a99d13ecf3d1c5601

SHA256
c2b8d26fffe09db58e86a5f70b7934ae44b4bdb3e0817538913c8f9611453c9e

SHA512
12ffccc4432a0e85d68af2139b1fa51c1ffb5b94ce6e1a3d367c4b3b362e62b0a77da426ed80f53e423ac2f4f0ffe341a47030d2258973b7e4fa5162f3945dc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
c066f332cb8791c618cfa4900f25798c

SHA1
93684b5affc4ce4f372502f2860152737d7dc9a9

SHA256
7425cbc1abd9c0c1406b023e19e43aa5089e4579be2f42ab74f9e5a135c0f463

SHA512
a43d754eee434013971cb1543777e4bc9ea7d7abbf60311fa619b3bc26cbfe4f29d86f5e27e814a4e2ec48a02a9dab8b43fcb07a1264c5e95ea90f991ba7d0e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f5d70d542db77aa8fba9f242f7001ee9

SHA1
d56cf547ab187581b54839bd507f377550256386

SHA256
0c03edf70f7af6e058b3676e30e9746a18393f6a47cf63bdff62d7e5fc5177a0

SHA512
4abe7d58b74788aa0574ca5897ee270ae09458270ec16c9fe2a6951303297c484567dd66d8ee8487ff43370ca37c01183f6919c68e7812759cc85d1d52edc833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b69cf758e847ec0c737adac212c5eec0

SHA1
1dcde8a95a540a4b8741e61d27d80309876a9e2c

SHA256
39121b5f3ff2246918788080de497f29446b0b13547e8b83118e72b76fc57eb8

SHA512
6f494165bf902880fbded54bb129e6c59c3520c8cf09b9ed2b039bdb4a8b3f8ce79910f4bc9515a141fd1c596b3cc7bb33d201ab451734d9df59fbd4458fff28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7c520756187d9b069d8320d42818b2fa

SHA1
f78584de6eac879e8edd258836d7078c2d754713

SHA256
c55cb724eaa99006852140977a88f9efce70111ffed6c67f422ac0d0cdddf26b

SHA512
ecd2e61e6d3eacee0aeb643429ffd2cd1623a8b95faafab497e87c63c9339a18abdd24caa2991ab6f32b6f359abf22a4d1e45c707a3cc559df1ddd00d18ce4e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b598091717bd697716d8806f2a09a97d

SHA1
52a9e7a9404662a3911c9455120e0e5206a41dc3

SHA256
688a13126296caa2b3af0c4a22ad263374929f9a4ea6aaa772cbcf2060005674

SHA512
24e93a27c02ffd84868600121f8ec70fafc1c063c204cf267398fb2cfcf7a7a7d762af44c9155721e872ca3c087f323d5a5e23f5f3cf1463fc9220bcb076eff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
03ec159eb5f9c42b994dd5c42e11f3e9

SHA1
d021b700d7aade496a01f6b115a97c4ac401f9a0

SHA256
e2072aa71a6e1d947e0714c7837763095830844e40253da427843426e26fc171

SHA512
eea7dd1a1b402fae56f5b7ecfd59212053709ad141f130e7a714a2fe6fbb72f7c2de71a4a928d30c5732228923c79629873ac70169e46af86855ca562967c958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
72bce0e0001bf761c84a7fdfdf60f78b

SHA1
71125ce8dca3e8844c918829119fa1082140159a

SHA256
3442498b08aa74f7bc15caf94a94904e577a5d46630b0ed181aa5882a27f3854

SHA512
9b95488dd79a896b3729b1b5202312e3c5817bbd53264abebf6be19d2b4e7e5e4f4f06cd0b20561086bb2c5515988012eecac4e95e85f4bdaa676bd15593cec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ad050107b732a249cb2c050117ee824

SHA1
8a5842fc3c9eedf409201c490709e40eb3016579

SHA256
cab1de86b834979700fbfd1431b5804a8fdcac2f32039b47634efd018810c934

SHA512
03643c24cbe29c6db26700dd75f7a28c8c6d15fbdaa1aba7ca702868ea2ceee94d2707b68b4807e0fb33b1d16820f1db576f8a618a08626ec70a23a7e9576c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
04a816dfae53bf0c8aeb7e276b0176a3

SHA1
9badfe3a79b7aa4ddce9ce0b2e061b33c121ef0b

SHA256
c19c405d0c0b22cd23d0e294c7e34b1ad561e308b746ba0ce7f9798d4e4d7b5e

SHA512
4587350ed9826eb50002ceab2af49f7d70a7aecd2915f733e0e5abdd9dba9da4bfea8a6807498fc1b5d98acba8db1e5ed852f125bb3843d63f419dd26032dbcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
163313bb8fc3f0679005f0a0926da75f

SHA1
4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80

SHA256
e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4

SHA512
192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5f0204de0e9a7d0636a3a55ca7f1610c

SHA1
246b00a79ee4dbd84651f81bda6506da305ce11b

SHA256
b3361d94897b6e92fdbb755bea155b69222c95127f62f7fe832d4388dbcda793

SHA512
630b2e55d15d877c0250bb1312a9c9f653ab033364e47029ba55785b3f94ea77c60f90f2123e9f2c2a9e91a19ffa91755b3cc938aeba7bb78cbe343a53251aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
6bc68a6ea2ab40729c3bdd648f60126d

SHA1
435eedbd9416864b90746776918cd3b84c64449d

SHA256
1e83402be600922781a83181175070b61a7e6dd15edb47af898d3eb8bbb52e7f

SHA512
f171f1f147d162e46573a0226ab5fa1bc66213970fa8b70fa13a38af90073c1e15a6921c83e82cde0ed828459ef2d93c76ff0f14417558d0022371363daafed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
bd6fa6879eb172b3571501e1402b773a

SHA1
27e321ac13f97ff46779d5e2741088ba19287bb1

SHA256
a27c9369482e4543e340d6a0a059fba60ea5c3dc0400da39e85a330283c55a79

SHA512
9aaa66f042ea85b31241390bdd53d0248f22381e1503623d012323ff6ea893c442f9c472e6083024b57c7f30eabb312da4954d55e54834ae9e2c0783b561eeb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
ffa93e6e3c44a5c16910ef79ddeb1df8

SHA1
5b1024fe27f08592260e2ebaf0e1c782be9a70c7

SHA256
d4f186b8af17bb78c5667c97a0653295438f45e9c7fc673072f78fb08f59a1b4

SHA512
a31800d30902ae351ff8b52c846d3fd16d2daf3fef6681c5dcfb1f200608ee9d44017a429d2f373133957d5aaefe8c982f1b7248ace583fe90ee50c04472615e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
82ef419e6bf2103cdcc46dd671a50a97

SHA1
dcb594937047e861a6d235f7f693cd69152f5f0e

SHA256
af21acfac21ee3df70a9eafa6fcb9c2daf5f4a16b6f28121693eb84103fbdf72

SHA512
c2166ff357d0abca19b38bf2e4ccc3634e056c74fa7cb7c5bba1cda8d5ffedfaf2aef51c140e67f9f9a2e03c6f218edd60dd3b0f70ce3f1c544bb378f3a3246a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
8710bc9e23927d66f6fcfe2f11df8c1b

SHA1
3b71d887b1b214d82fde08f95df3e40c60c1e703

SHA256
bc432db4cda4a508973bbdc20799be4dcee73f1104bcffa1ddd8ec9c1de84810

SHA512
b05c31000a636e9c89cd0ff3f4077749d7bb7f2fb7dd1d7f0517ed7dd5a56a413d79025515dd80d7ce8024dd89d7f7aaacca35a779b6a1c67a1b40c167aa1af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit