hxxps://b6-idrive-dataview-exchange[.]web[.]app/

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2023 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://b6-idrive-dataview-exchange.web.app/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133294691511673508"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2240	chrome.exe
2240	chrome.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2596	2372	chrome.exe	82
PID 2372 wrote to memory of 2596	2372	chrome.exe	82
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 368	2372	chrome.exe	83
PID 2372 wrote to memory of 3392	2372	chrome.exe	84
PID 2372 wrote to memory of 3392	2372	chrome.exe	84
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85
PID 2372 wrote to memory of 860	2372	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://b6-idrive-dataview-exchange.web.app/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd8e59758,0x7fffd8e59768,0x7fffd8e59778
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:2
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4672 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5432 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2808 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4824 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2804 --field-trial-handle=1812,i,12987007594797099361,7428030482680498190,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5c21cf367c5536ce56e12094e3a1d340

SHA1
92df612013877ba554f1e1bd39d10746da0879c0

SHA256
ccfc1769edc84a60ff2fdd82b105a18ca33ef5fc02111005dec3ccc350d1b0b5

SHA512
f117e328dfbc915b6e8c9b1685350c07e6a54b5e990b93b409d020e020e441d2106888ea020c4e972fd6e0cba4f14988a79be528b3225c8fe21ec1a4a98199b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
958e31d00468ee02edab44cf25c14467

SHA1
2110a0587f671fdd8146a2c65adf11163d4681f1

SHA256
e14a35b77bc770ac6732d65a7eb1aa9448c18ed7de945b5abfee30902351b31f

SHA512
ecd6697acaef0695c3b197c4e47cba4efd473f7424502433b858fb291567c6e5c9adbecb6bd1d26ec60b85443b50eb11bc7535144d6bc0e95d7881eb465db89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f76172ccf546c2ec39fc45b0c7eccb0d

SHA1
708afd9b746c7aa3fdd977eea24d7d85cce9b997

SHA256
7d423618a0579e2e6b6c9e0b7c37632fb96de9ac64df31b14071f12c106f309f

SHA512
b14c223b24c1176aba36efb1323fa27520ea0980bd5639a198bed0ff969ea00981c37fdf26492d4cece13918fc5f62dba72088be7a8313a65e5454af0761ca8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
52229b74813995dee17fffe3265106df

SHA1
9941e584dbdf1a5508c36229666de293cf1e865c

SHA256
3baff60e4800c2a01aa833ff429a059f85ed041bfe4918bd72bda7cda1d0e6d1

SHA512
4563539ddec892e4cdea772ca2f8bd665f52855df90321fd5b0553a37015079ad899bf9327b3f1f5ce5078e59eab901cdeeaf929a22eb72ca59ca0192e8542a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9bcd48d5a20b01f06e3b76ef2c7017ba

SHA1
1b7d7f5b2f15e08cf53e029f1e82edc7437c811b

SHA256
bfdc808fab08c055b97b6282767d5f6f0b8d6aab9bc81d15bfc62914cf6c53b5

SHA512
2a935e714756adbed013131df9b9c303627a54d5e553c8cbdb73b96ba1e3a279d8cb0a63ab13930a2f2ecc5d5917267b26e01662e43531f72b3e66292489546d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74fcfe5ed0ee32a8eec39999498a7486

SHA1
6603728a0f64ead8783029d0b161636b1070ff7d

SHA256
b5227c6749b3a3c26b3e29d5e6e8c04cd9bba3a634315c048a61a416f3853982

SHA512
f940edcca73dc628e77b0676c28810a35eb50f0812622ef0edfd3d75f0567353a485ad36a8e10646194bfb62761e45ddb2beaead36d30433f888433a2f50c51c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
566658a5a579fca64faba921a5b2f175

SHA1
3d075f4f5b4351d4f7d68280454be7b0c12c2162

SHA256
7bad583821334ccf60c3d53398a3f7499fe049d4bbe503f33e45266ff513b047

SHA512
4363e0f079686b9c6b8991836dd2a05052dc7041e6922d20b2077bc770904d394a1ae15bbc2ca2b33cc82fdf603d0950350a8a64c39a056ab32e1ee91a4f0820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f6d19ffd1a0968e0ff68c2a29d81b6cc

SHA1
608f41f70e883853e3e99bb7494234cd991dcd51

SHA256
7ee7b1f3fa842f9f26251952a528e3519897cf9d079107353e66fb7ab90cedbd

SHA512
78cdcad4e8638dc81f77d9260a8012b3b2230b5ad53f8c8fd51c7516fc83dc88ba51f915445e98e12c77d6ce173ccea7f90b0b01df4dcd6c047c7389656c1c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
c014c06296c6b578f9f146f1901d8182

SHA1
d881d9ce6ec6f557c6d3176ed66bb4406c96541a

SHA256
63d886460ce65f9a8701cd9cf4a2669360c3e15532869114c59dbf66649ceb70

SHA512
d4ff981b44283e9a2b0b7b099ff98eac64d9dd41f1a032eb6c5402fe732acbb35e6d245e9347e55e07a3c0aca4ec4bed7850a16d205c389ea7f228412c54cdc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
6225c39ba8f8e8c74baf55e1a71593ca

SHA1
18b983e102f7c7ac3e95acf5d3700b16e79fba9b

SHA256
a5255b61fb87acfe67fa435d9725225c4cdbcd3cc0c123bf37f3841fdcb14561

SHA512
c9d44215ea99a9a115aac78f366ee6d810fd55250f966cfd389d683102b8ab4849e529d401efdcf6f2b3cc834a40bcca3146c23d2db4f1aded680236f0645480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
07438176013149ea3d84646dfc4ba330

SHA1
0104bb19f7575e60b3ebec7bcc008ed929da0fc3

SHA256
88e31bfb057682f8e1d235d9a8c08778e67445d61c0df1bca170537893ebe1e2

SHA512
76762b49af941498ff0bec9b2b34c2f417eccdeb7dfb6783eb872380d5fd6cc7fc8f0968bc0081747a0c6054c7253bfd8fe1b1b35b3a824381d6bb78283fc2c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56e709.TMP

Filesize
99KB

MD5
e53240e16587ceadd1094f191bbdebee

SHA1
4214d8ea9965cc11e095b8726cdcd08cbcb574ef

SHA256
923f7fa354dce574355c40baa0e21cef2b939184b8decfa2c0ec399f45c9bbc1

SHA512
df0087ddf9f80816e892f8eb458b8cf5beb35b3489a8a62a4949a47b3cd59cafb9c7c4814fe892dac221dfd6b97d8b161911d23f28fe8b58dc80c17eace742ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit