hxxps://github[.]com/TeomanDeniz/HTA_EXPLORER

Analysis

max time kernel
113s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2023 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/TeomanDeniz/HTA_EXPLORER

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133346188264476818"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 1264	3064	chrome.exe	84
PID 3064 wrote to memory of 1264	3064	chrome.exe	84
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4064	3064	chrome.exe	87
PID 3064 wrote to memory of 4172	3064	chrome.exe	88
PID 3064 wrote to memory of 4172	3064	chrome.exe	88
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89
PID 3064 wrote to memory of 5028	3064	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/TeomanDeniz/HTA_EXPLORER
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd8dc9758,0x7fffd8dc9768,0x7fffd8dc9778
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1876,i,9385433341050422489,13490008811793952319,131072 /prefetch:2
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1876,i,9385433341050422489,13490008811793952319,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1876,i,9385433341050422489,13490008811793952319,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1876,i,9385433341050422489,13490008811793952319,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1876,i,9385433341050422489,13490008811793952319,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1876,i,9385433341050422489,13490008811793952319,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1876,i,9385433341050422489,13490008811793952319,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 --field-trial-handle=1876,i,9385433341050422489,13490008811793952319,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1876,i,9385433341050422489,13490008811793952319,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\SCRIPT.VBS"
  2⤵
  PID:2576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
92cf8c858588f8004d0f255ed882dd7b

SHA1
9e08ea1e177a68fc1ac8fd61d28f52aa30fd6c46

SHA256
24ec78f5029fc5ce242e4ea21928e3ebbe5261837fa6bd4ed09a1a2979475391

SHA512
4f3e79dfd602ccc1e65b63022c46dd7382756974b5a738f92a8f1002b2c4cf7fb699da035a23b494e504e8c82628eaf5821a872cb9799c2b436c472618e83fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7699a2e63d2f487b14c19967412d65a6

SHA1
db6b103821faaeba031103f3e08626929a3af60a

SHA256
79a22fd0dc378d2be951a839422d4796d41def6b062af4c88798cafc57dadd7a

SHA512
be287a95a5e04f866ab4697cda7990e00cbaa09f70f0eea3ceb21d9289ce2b9fa105955d8d58ea2964437ea94c4257d0fbcc41a976ba67f62a2060e30faae1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
898b7d8660748b9f945467baffcae65f

SHA1
53f0e547db3bbd1f0093ff50315292be57177bfd

SHA256
b935d01483c33dfa0eecbaf3810f3f2378047c6fb547ca5bbdffda63395c45ce

SHA512
7e38fcf110dcd6bc4b019770307509c470491d8bf37b92a2da6fc5e689a63afa0aba80cb19e365f2f45be785fa15f948abfd9dda7f22aef580c39f0b64efbf09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ebbffebd95954ac53e86c19c3e72afd1

SHA1
ab9248be23fd260c786d11c8a444379091b833fd

SHA256
687909caf091cda631b6b106f9cc04db2e198e34ed267af2d03c65c97a8c36ee

SHA512
471c3f6c5906c6b5ed6a8d109c8bfbeb04f56a7c265e332c5c526ee29a33620eefa21d705884da96e30b2f8ecd99615cf85106d21fe8ccbc0438700056f5cf51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c0ad4f390e026c678e335e9493b59811

SHA1
16b6e0e261da4c68a53f2a34142d33c1930c1cbb

SHA256
6d1eb459f79f548cd93c7705d84ea3a5b11258608feefc450022ae712bbe7b6b

SHA512
4ac2d4e37754cef1ab5f558db97f04266980edc886f36087c8e94890e21f36892dc7e9ce7802918d8b82ecfa7a4477c7ad450b63dafb3f6b61ddc44f549755ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
68d4d472b11ba64b9097361cc6215ffc

SHA1
8d5fd8721a698878483e676b268c013ed391eb71

SHA256
4850de94717b3ce3ea784b8660532e64bd145b2d74b62a45541ce1cd0833ac64

SHA512
fea68108a111407c8a56d1611eb60dc7ab5eff5a6fe185151bf756c47476f31e1bfd61a5f92a3e382a986768f4e8d9b0fbb4706827a85fc67c39bc933398149a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
af0c7f0a5bfac1d8fd4fc420d909ae87

SHA1
166ec32bbe6be57b641a18d9e7afac9d4a343a4f

SHA256
35c263b5a0a51c44b84fcbb0bb0d5e99630f9d9060ad0776265abdaead0f9ea8

SHA512
bc859435186ef173403926e7dad1e0fc22aba7e7443a66a601463c6512d8f5f5088afd68c6f021eeecb711133ac9df7e58cc74ef87362857d25056deea5055f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3ed243fe0a5774f1d10b3207b4520945

SHA1
5e1ceba330dc451d91fd0f1256fda6c9c6f2e9dc

SHA256
6b70e45aa818ee3be8fbebf2f0f67d2f96dd372764a3686c188eade8e84e6af2

SHA512
1a980d6fb7ee2cf6d0b54fcae6ff4743434cb296262cf60e6fba5ad3cb8c6ce5617eb441169d083be169cb68c02b71d223de1be2ea53d5727fd708074d965167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e93c76778f7529b70408a4b0a3401a01

SHA1
c554e4b84a76fdcd57db93caeaedd8f6472d7bc2

SHA256
dba9d38eecdca372f6703fd767c6aff667f815cb801e500cf29ee8399e0ff27f

SHA512
852518285abe2006ae51318a68b840ebd022c66b6efbc93e8d9cf2c419ce321d7e242a5f53d2e0266d5b18628371c53fda201e0c9537e686f8d9eea1e015a585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2b3e62128c223442580c243aefb9b3df

SHA1
465006de5ac580f1304e980a6cf7da02d684c8d7

SHA256
b02e28626ee1fe490bb59f3d4a51c9517ecbe6ed7bb9717ba966eee75d550878

SHA512
37c74bce1b77eb89db680e62a341926cda649d42b439744f06dca7297af72d56d6e2e8ada213d6f6cc01cff5832d80baf35305c6d4efafef3aed7d97bc1e1e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
42a6a49fc100fa6a302c6ba77754a8c2

SHA1
bd7252ebc2f34929d3c44e1807f6cbaa31b0e974

SHA256
79556e5445845fb792c2b5a7959fff3c48ae5dddfdf88e125a72d96e5b48c03c

SHA512
3fee8e56886974d88c954a994a7ddd29ce39fead9da6485cd350b044656691ac24fe49b20d71f82783e29701c8230c59d827dcdfe7c0c1e726008e33c7c6f105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fb4e7089fc25dd660422204e7fe03b17

SHA1
1c2bc37c5281c0339193f7f6b970060884a68163

SHA256
79eaa37cfb78549d185cbf50ad983dda5c83193d892b74687b9c984f2b809d7c

SHA512
5c98b9afca901c5fd456c67eb438f666b9091bd3a297b02490f6c8f9406ab01de899eed3d573555b79c365aefed81270a16e75ca4998ba9fcf7330729aff031d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5bdde2da45525f9055b29f4e84928d43

SHA1
964c4b28f1a0b00b6a6089a00e91d4bee54b2709

SHA256
894759526c1dbc3c32f39dc8ec22fc07f3395cebee9c13055d04afd6b3465b90

SHA512
fbbe4c543b636c2798fcddfa0e4a847b9ef3683950c5f62b5f4797a0dbdcfa1dc59e3c83ff26d6ffaf11c0b521cb2fe0584414feb5c7301c7ac113a0faf48894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e3343e94f38b1c76da3ce7fc704252cc

SHA1
688958a0ff2050d6516a8530409d188ce04a5106

SHA256
02226714b12f37a7d53184f3d731fe22d2021612c89b4476ed3f6e0399e42b67

SHA512
f188bb9f04a8e67680f9f78238d00cab00f75c7eb791cae166b373fc8a91d75c36f1ad2fe62802688310da56a6995989486ea61dd1246414eac6fa372fd4c3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44809bc44aad075c104dd3e452f73c35

SHA1
89f4ba5b3d492a7600fe41193ef601472c697000

SHA256
8be2d78b3dbf5551d152cfe3cc722af5417b17e0ebbdcc6b85b260aee874a3b5

SHA512
bd052ff520870d16a14a04695eb5f51fc247a21ca02a607be2257a86c35c6d69b0d4780b586c6d36b92d9f4e5ea14f8bd836a21e0cfc7d6f035fc3a017a05504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1d2f84948f00a1440c8a7bd9af52cbfb

SHA1
005ee5fcfe0480e53d52f82d05b1b0507d5fea1d

SHA256
8526f1f3c51517622232addaca9f4c2d407105d653c433d56ec36a93cefea292

SHA512
eb9d4bc5f8c43e746bc43e443ef642c8109c1fbd4d93125881f9c96da875b5a1feb95c0eeb2cf633d1bf1c68a16877842bea4e28c30f3fd3a834b2ddba4c81f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
38b5d186bffa2a018ec0c52f0e85a625

SHA1
175961b7803139daf2ba2db00d64359b7624f6b0

SHA256
334cda4d8efb77b251657f580cf98d26559dff7980f20715243d32b634c7fb2f

SHA512
fe96b077caeb5c8d4b64f821eff86f1f22c498a7a10b14b2b4fd024e1d3b53049684c14e9bcd8687b9aab7b379b876452e69d0665fbbc7c6a7163229008f9364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
37f8fb2cd64f11fe5ebd48e880b1cceb

SHA1
b34e1dc3a59985dcc732bb170b5012e00095eaa2

SHA256
79d5edd99d6fa88c13cc4307c3144c10fa54b27e90a5c59249de59f874fa8ab5

SHA512
b42d1ebb0d16e3893ef1c8a91d7a0a2c0297d33be25aef459b2c3261e7d594c8932ddf7a099f08eb64282216b1c85fd0d7d5045b2524e0fa16d041d73ecdc663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe593464.TMP

Filesize
97KB

MD5
746a3c23f9108fe3b0883f2fbe8388fa

SHA1
ce1cc8d3751f137ca82dade600b443a63e409dc2

SHA256
61ef4b395ada9b5ed815b7a991953dd118ff265e871b8b1130ccba2e2afdc57b

SHA512
89b590aab8228cd2ac13e2e2e21f1bdf684ec6d6fbaa91d42c6e3876b172fecbf69ffd864810f23486a3af5c714338a75cb3a9df488b5299d44a4b49dbca0aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\SCRIPT.VBS

Filesize
12KB

MD5
4018dd024f4ef17e0272a09ef99c0534

SHA1
962af363fef11f7c7c49aae4f6ed17a8af5dba9c

SHA256
eb63b9ef9adc8689a7b2d7cde0b45e698be84e1325e92aa888d21c4740eb01fb

SHA512
b739cd1632642e8b71421e251acbb681335d305d2044d0dfa3f03b189e7e0710df0c84d5b1f50e6abcf2a69396660331e220f0648a369e560284e7d5f60ffc60

Download Submit
C:\Users\Admin\Downloads\SCRIPT.VBS

Filesize
12KB

MD5
4018dd024f4ef17e0272a09ef99c0534

SHA1
962af363fef11f7c7c49aae4f6ed17a8af5dba9c

SHA256
eb63b9ef9adc8689a7b2d7cde0b45e698be84e1325e92aa888d21c4740eb01fb

SHA512
b739cd1632642e8b71421e251acbb681335d305d2044d0dfa3f03b189e7e0710df0c84d5b1f50e6abcf2a69396660331e220f0648a369e560284e7d5f60ffc60

Download Submit