hxxps://ikcufafabrik-my[.]sharepoint[.]com/[:]o[:]/g/personal/p_gehrmann_ufafabrik_de/EvlQv-vsNMJOiwdlKFiWShMB99YZnXBKZVvdqTNGYJoAHA?e=2IhJdc

Analysis

max time kernel
179s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2023 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ikcufafabrik-my.sharepoint.com/:o:/g/personal/p_gehrmann_ufafabrik_de/EvlQv-vsNMJOiwdlKFiWShMB99YZnXBKZVvdqTNGYJoAHA?e=2IhJdc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133312717491320919"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4320	chrome.exe
4320	chrome.exe
932	chrome.exe
932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe
Token: SeShutdownPrivilege	4320	chrome.exe
Token: SeCreatePagefilePrivilege	4320	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe
4320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 3680	4320	chrome.exe	83
PID 4320 wrote to memory of 3680	4320	chrome.exe	83
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 916	4320	chrome.exe	84
PID 4320 wrote to memory of 612	4320	chrome.exe	85
PID 4320 wrote to memory of 612	4320	chrome.exe	85
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86
PID 4320 wrote to memory of 2312	4320	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ikcufafabrik-my.sharepoint.com/:o:/g/personal/p_gehrmann_ufafabrik_de/EvlQv-vsNMJOiwdlKFiWShMB99YZnXBKZVvdqTNGYJoAHA?e=2IhJdc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffdae749758,0x7ffdae749768,0x7ffdae749778
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:2
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:8
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3524 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3984 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5316 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:8
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5216 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5404 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5360 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2800 --field-trial-handle=1880,i,17232582577038238271,8789917930700931456,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3436

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9df15579-c731-4dd7-8de7-b513e82df31c.tmp

Filesize
15KB

MD5
8488bdce0235aa65d8eacc6c21ba2adc

SHA1
44fd1d89e02da94f66fc7474be5a72efceff9e50

SHA256
17322adc6305f7343748dc6bc6a271735cd5591082ca9fa4a37ec18230675c85

SHA512
360c301f703138581422c44daeda0fa8a49e7d4c615dda46c839827eb1da171c8803f5e7b6250ec335055267f1c3d3203d079bffdfb7d4483dff97ba43b6eba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a1acb0d44e5b21b2cf7bfc709cdd20b2

SHA1
8801240c8a105d74e9516b1fe95213007ff4b3d4

SHA256
097905c6b958b51efa3e322e545d06efea2b76b99a9bd6a3a6bcf2a54704e97c

SHA512
973ef0313799ee433b3fd3ba38bc3fb0fdb960b83bb6b476b605a884cf2fdd8463d0c860c45e0e4bc95bca1dc8f6769087dc9d889af2ef3bd012b1f75278bf76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fb19dbaa9c5c2c0469c843c801e99032

SHA1
eac5ed1478eab0abd0bfd0d3ebf460890e7bce0d

SHA256
1afb0ffac9ad5e5bf74acfd2958b349f6d7870a107220b9814e4a03ccb5e38db

SHA512
6a6f90ce5baa02f0e885d831c02f78ed08b1a53180cd7942857d2c195fea46b6894c102562f9411c8398adb3d8732ed1c0e4dea01605a73256bb8b6cf901b36d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0adfa5098eef02ccad0e897113f530ff

SHA1
62efa21abd3177e114524e6eb71e22de58e9fd8e

SHA256
d3c1055d15b27d83ca6629e422c15e79a2d94a1d66c01385c6425b43f05dc73b

SHA512
f6f8641b3d4fa80b0435a5292f0c5aabd1461a40211ae1571c54077b4d0936e81a69fcdad49f7d74316be60f97f36b93d338b98b7aca551759a0767084384ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
19d2056f9a380c386c07b07a22550dc1

SHA1
bbc48aae3403fe125f21da029b3d6fbe15a957af

SHA256
422c5f242c5b0508374d079fb4e81db08389a9f78af7bc1769a06800be9806e4

SHA512
84f7daaf86a76c31b86966cd2752ca539d69a323e4a7399de4661f0ff790ef5805b24a4bdba48434aad65fa1841b12fb005c6069439467a509b046d89ca16384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9e684c02e3409f173f4b86b197f1ce9

SHA1
ca424f2bd2c31f14ee4f3d6c761795072e3d1f26

SHA256
900b7ebb14e0082f30bb4adf5113d3a9da99f159deb9312aa7d8d44f9fe3e8a0

SHA512
c7178b4648b801d2bc7fa4114abb38606b8c9e2028862e6cf583ee629165468fae8f9c7e077ba536ca3986597a5b38426b46302a2091a30103cf2264211f46b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0a9dc8c691b9777658f11a62de219f70

SHA1
a92c4035c0a53a862fa069da574b24266c310a92

SHA256
882eb84b5c4d90c766497db35e606f91b6536ff22da3acd8dd305c84cba2f307

SHA512
c0c4f58daea109c4d977f06ee71afddbafdb567a13d9636e2244acf084195df0333a80b89ca02ed9894537ddf86ae848332b4df958b5e97af8e929fe23ae87a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
18a70c47d080c5f1154051a8b535aa1d

SHA1
7de36f953f4ac91700bc33860200b056f456d5f6

SHA256
eaa090fc8ad1bb6eab4e0f91c0b4314ab000466722d7596335b23ae0054b7bda

SHA512
d67cf30b8c0f92070a10599eae7215c67497ce3fb922a0e96c00f936103653e9fb6099fba6bc28172446d36ca40d94163b9ef6192a9011baec148bb5ae838e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e631d8213c00ada49d1824be10ed0726

SHA1
aa185a06880f0e8e9ecd0bd61413b00c00b5a444

SHA256
d2577a48d716913b356cac7c81c283128535f2cfffb326c18c204e119d0d2b33

SHA512
4d596edfe67b89a3ba16806b939851d2bae6225d47a68c8be868aaba248350a79b6650abdbff2ecc9ce65ec12a0bd5c7f8710bfb0c971f239ec13a8520d027e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e4ff934b1face2123b36c0179fb6e887

SHA1
e5a9f8bbd7ed0c8327a3e0e594cbf0abf2d82e40

SHA256
d6dbcd1d96205e32fbff9bb2020c8734f4beeada802d3a292a22aa6062b31084

SHA512
61c060c5d6842671aca0e71f6511240f1812a66ebf9a594e3bfb31509b907aba8240803644da81fce0eaca8e3f69ff7ddbf1adc4e018a23bce8da79e766b7a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6526fc29d700dc2900881b7677d7bfdf

SHA1
8ba2b899ef67b882bbabfa7c9382b7179a69428a

SHA256
f3bf883147cb900fcc54c3220b49310ee8b4bbc79216d1683acfd4687d169fff

SHA512
138b2d470f3cf59685f68f083e66135546a2e05986f051a51ab2f146dfcf8ddc7c6bccf7c573982b80f73d3fdea7559cc98f28846cbbda989686dae96fe2e4ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e125555b1f38e9ffad013ea0ca3fef1b

SHA1
0a7b4f9cdd59ccd8ffc84f3be28b6c159de840fc

SHA256
890e6997339c421358c8d62f60a73b3328997fcde96834cd9eb405b6be1229b5

SHA512
fd777aac4f149c701652975c34812dcbe21498befc577bc9b15287895fea9aa83800ae0f638a49908d9628dd32d13d9e1996adf0f8739f017792740d73908dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5908e57e84d4f6fb0936cb6640b6bbb9

SHA1
17e78c07ff6ccb9c57434cdf3412dc686dee8bad

SHA256
b1f3cbb17b715081d96fcec0d5542a67377a991b77d932e9b2953fe43e56a37a

SHA512
605f75cd36b99f193265957da63dd9eb975031e6351cad374179b94abef89caeef6160eff1a09eccf36f3966c0883c44ab2cac0d47cc429dab960809afbdba68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
9be9917bbc817cb059a5bb6ec55ef074

SHA1
52869efa07c06be0a35b61d7d1810eedfb507ee0

SHA256
0938cb72760aa4969465bffa94f2df05c5e14f79b2f2d0dd950fb3871351acb8

SHA512
c16dcad413b60a12127ce3bc0a74c2ede3b017317ab8e8a5ce1b6dd3929175f50a5490cd8690f56f444fd73cc31d1ad90e0d3476d6a76648ff8b53a51524ea95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
c32f1ffdcbbd2bb65110bbc19a96515e

SHA1
11c54829ca0f7fcc6984cfa3e9341dfb3112ce9d

SHA256
e40168d9b3532b87a70fa0e31558cf50a5e7d769e9db086ecd1dfe4c769e5eef

SHA512
07fc7527b83c184ed32351ad9e2467f6f663996d23ceabc560248fdad6d7146bd5b27abc727abe40bbd020ce1bcd3445ba80b34e6277e9e1ba2a29539dd23cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4320_1007596571\6434d71e-756f-4e6c-9bf6-e2d0a403b0c8.tmp

Filesize
88KB

MD5
2cc86b681f2cd1d9f095584fd3153a61

SHA1
2a0ac7262fb88908a453bc125c5c3fc72b8d490e

SHA256
d412fbbeb84e2a6882b2f0267b058f2ceb97f501e440fe3f9f70fac5c2277b9c

SHA512
14ba32c3cd5b1faf100d06f78981deebbbb673299a355b6eaec88e6cb5543725242c850235a541afa8abba4a609bb2ec26e4a0526c6b198016b08d8af868b986

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4320_1007596571\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit