hxxp://recron[.]com+document%3Dsecure+v2+identifier%3Dpassive@recron-hvo9f6b4m9[.]maritiz[.]com/ipfs/bafybeia4lobnb5agacisxkisdjkr363s3zvsogsuptaxp5ouwss7yzz3bq/MTY5MjgyMjk4Ng?vkyaDfixedKL28caiqcBYJER3zD8fLhVo9f6b4m95744-sfmaxgen-pgx--ifxEnquiry[.]marketing-isxrecron[.]comsf-1MC4y

Analysis

max time kernel
600s
max time network
489s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2023 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://recron.com+document%3Dsecure+v2+identifier%[email protected]/ipfs/bafybeia4lobnb5agacisxkisdjkr363s3zvsogsuptaxp5ouwss7yzz3bq/MTY5MjgyMjk4Ng?vkyaDfixedKL28caiqcBYJER3zD8fLhVo9f6b4m95744-sfmaxgen-pgx--ifxEnquiry.marketing-isxrecron.comsf-1MC4y

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133396789201874923"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1652	chrome.exe
1652	chrome.exe
5148	chrome.exe
5148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe
Token: SeShutdownPrivilege	1652	chrome.exe
Token: SeCreatePagefilePrivilege	1652	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe
1652	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 32	1652	chrome.exe	55
PID 1652 wrote to memory of 32	1652	chrome.exe	55
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4916	1652	chrome.exe	86
PID 1652 wrote to memory of 4852	1652	chrome.exe	87
PID 1652 wrote to memory of 4852	1652	chrome.exe	87
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88
PID 1652 wrote to memory of 4792	1652	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://recron.com+document%3Dsecure+v2+identifier%[email protected]/ipfs/bafybeia4lobnb5agacisxkisdjkr363s3zvsogsuptaxp5ouwss7yzz3bq/MTY5MjgyMjk4Ng?vkyaDfixedKL28caiqcBYJER3zD8fLhVo9f6b4m95744-sfmaxgen-pgx--ifxEnquiry.marketing-isxrecron.comsf-1MC4y
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba2539758,0x7ffba2539768,0x7ffba2539778
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4584 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5188 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5652 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5848 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6128 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6876 --field-trial-handle=1864,i,3078838974642577230,2791478164729004371,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5148

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
181KB

MD5
f4d077fdd3bad1c3730c23cc2dea0538

SHA1
55bca2302e887ed5e238ed93ec228b46cdfb7d7f

SHA256
450d9f7f377f988975ef34a223a85831d1f9f862d5052f834efcda8146142e3a

SHA512
0b3754e2c994e97be8e84d3b239661bf08134d39921b4a9d1e41d26c2779c5ac5a106f71ca2b7bb6997d6ea1457d1225414129a8826a9a4388b7ace66cc008cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
e576ec5f701b2fe1f3f26d5e314a0b2b

SHA1
f9c7763b4498e6e4106afd8110e2a870f6fc7f78

SHA256
d40d84c58e56b99f33d5a058986d345ed499cd3c93ba34990929f4bba06ce846

SHA512
2dbda9af3994df74122bd687563292a2071d312296b3d0b1b11be806deb82b8560ffd975712232d7b8f624a2d75ed2c5bd1777d478ec09bf6771538dd775ffc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\LOG.old

Filesize
349B

MD5
2ebcdcbc51608782e28dd921f0ccf46e

SHA1
b02b71b43c59a1404478c895d798022a12da3527

SHA256
4c16146797880cfd128fb56ba15e4dd8101c446b9298a32812404a018ecf275e

SHA512
ff1cc12df6ef536864015411da69dc6c431241349cb44508364a7ae3d673108ddc534777f3bf474eb4da6d22b49258f6497f6d95b173d9de5873e78777d43e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.office.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
34ed3e9272f9b9cbab4e2cb3c5c6fc18

SHA1
6e379bbffabfeef80e7dc940a05b73a85f13d021

SHA256
c60c0d52db6051682b2215b48ee85d7263e6ffd4be74ca9a84ca1aa0981eb55c

SHA512
a57422a569fcae49a482bb0b7180735658e456c494e533cc797f711e544b9d2226b16c3fea5ed662d89c63638d16780f503f5f154db23d06b50a6e0a5d8aa2cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9221bee6b26b915d4369d94c9a02911f

SHA1
a2d03a61fb5f509f7be887c062184fda3f3d565a

SHA256
100e2ee8b592886249aa29533a75920007661fd593508b1fb7047520ee60846e

SHA512
2cce0af7b849f9143ae60a1ddcd7f8c797ed8fcd548632af33bea1ce44237b10c12b4079bf3a7e47ebc1593f1411699b1a8c9100e504a5fcae29785558cfc832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13b945181fe4bb9435fc0f1f447daa5e

SHA1
e2738190eb37e6635496667e9c6b7fd883340817

SHA256
5561913ec1685f55054933eb2be8ff7a45180642c84b460d7792a9b59ef3befc

SHA512
2a08fb2ebc7e338876290d6208375642e61c1856b8b4d57bccd13ff92578e90aeb0a9cf917d63a793c86ce8eced47fbd97f14a3796013f9e6579ff2f7d6b1050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
423af0c7d9b89cd22e8ee6f13720fc78

SHA1
6b06b64f4e0da9ccd6605b3a1f3b49bb06b93ee2

SHA256
3257d9bf8e3987ab869d3c8f05da661b6b0a0fd397f00f3a1bb4a84c4893fc57

SHA512
a3c9ea8cb9814162efd01172975d08242748dbab497e543b57a0ce87bf5aac9c82d4027458c92aa44154d1a29075dc82aecda9f7b94e76c9becf2a8fb2c3bedf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b8d3dd3c23afdf1cc48a919b0e44f379

SHA1
7da1c7d8e22e87eae3bfe142eb1deafde4f9d82a

SHA256
beeaf7c48018450af0b1b7ab24db0585839aa1366fdf540d7f3910a0a8ca3b25

SHA512
56e505570af06caa911e10fed949a564a1ae087cee98bb420f561e9c6b3bfe91de6cc37a11cc8b95cefda1ce9f98dc44020f10da84a514a248565169a55cf4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ca870619fe48e301635518667e192d09

SHA1
081c0a6233efba70a90a7cdad9af0fe965588355

SHA256
4e1200e4a66f14aa413bc0ebef59bb7d3553f2f663e7943cdbf4446baf718d31

SHA512
bca79870bb1b98fe8ad0b5a8e8d56997dbcec33c303c9bdf0ecbdfc2dc79fd3a5f3af223c3083e219ab1f66a0d257cf01d09f1a1220b2c850bfff6dc19ad0ac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93fe942cf8584f68fdc706b8421dab12

SHA1
f97e9f25b11c072926e40fa8594c22d94be22fbb

SHA256
822f05c55a4bcd22913b72de67bdd2f7573ca3a5ad5b50d2751ee0ee1fa7b3ae

SHA512
edb1e97a9eab4fa72a89bc1fb47a2d762df5a88bbe55465fae9c370ede0231500aca46298b8548120c35127bca90f88f510980639cec028b665afce533a55a8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
802263b4ee72e8fa62be27c2f07c436a

SHA1
ddf91673ff4c4b9d8bb3d7745f29317a595bcd39

SHA256
6cb1a2049045e122be5b3204e34ee795212bf93723d2b1ef4d81764f2d50af5f

SHA512
32f8da0e6f1ae74635cce87714e3ed925e4d5f68bdaf17d8b74c0162569f258a9ad6ad96f3f2dc5ca5ecbbebbe77a2e768015c4a1da1eef7d46fad59865a1371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\5c1beb21-c81d-4dc5-9f34-a131a4d0364e\index-dir\the-real-index

Filesize
21KB

MD5
3e26181213bee4cce9943e0bf0bb40ac

SHA1
8cfe7415d9c20276f2d7c338449246224afcdca0

SHA256
d6209ac1219f24543a52906526f93a1d6899ab45fcf82d1d08d6079a6dba7db8

SHA512
81106607ca214cb4f7df46dea84ac1d60c2c2a80b00c33dad2d9ba9aeca25e328db078e6c53b0f86de152ed03b8f65f2e6b4384e73ad611374605ec6a7d587ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\5c1beb21-c81d-4dc5-9f34-a131a4d0364e\index-dir\the-real-index~RFe58500f.TMP

Filesize
48B

MD5
c70d3a006031e7b159626042d9b6706e

SHA1
5a95e274e70a87d5683ee270e26f0ee9281c70e9

SHA256
c26602e72221bd212200c9429949f01b51381723e51cccc14214c3606a25cb92

SHA512
1b46c65817351a0c2e9fe7ecc9f9dde37f6ce7d2f7626bc26a33a0234698faf58ef262d8c6752c5a024050d262986639f830bdc0f010902fc11d8c0627086bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
260B

MD5
14e18761220225d6c813730f1c00a834

SHA1
e8bf5b478520974e5a211ae0857a939eef798df3

SHA256
7c52caf2d5b7db4be68f796d4e5c89f6a1d1f8212cf4009507b0d7bbf564c3a3

SHA512
7e9dafe8d67b4158bcb227349a5b25ebf38caf91d242743cdd81e54a2f7a7f3d3c91dcd552842d0aa5148a6798b2e94cb4bd53166d290fcba76d8aa28de7e255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt~RFe58504e.TMP

Filesize
264B

MD5
bb8b373cd593b057438b0a5a69616c5d

SHA1
951dc8de3285d447489c6f2b43bc7d97491df264

SHA256
c3a84533966af8031d5c56a48aa4ca9b333183e5473e4a6b92b820acce9ef1f6

SHA512
1b05bb3dd53a492fab7bf7e1baaf4481e89b793930259eb4cbede97739e6e94db9f202a764b0f7be1c7e91d3ccb22ce20b75093ac07871750bde77eed9e181f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
d9067fe50878847c563a8b3d612337b6

SHA1
17bf96429f6901b2123d0588aa6adc5dbf3d1af6

SHA256
bd9e3ccf60d8d566a4b74e45679ac9dc55380c7505a631c87764212b8c51d234

SHA512
a6c55cd93d441f59c29857bff754972aea9e70579aa86479dd368c2b6bc3efd395355d01a7a5a817d817838ee877c61d4ce93e764fe06ef5464ac1823455347d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c9f7.TMP

Filesize
48B

MD5
580bf316471c9df4d6bceeb9b52a2631

SHA1
0591baac96d84aad2e8aee97139316031d27120c

SHA256
920aa49f15f55dd9183f470a5a7eba58a1a8ddfe5839eb5ad5ae1eb52548fcf4

SHA512
f8730623b80f236ab5b2a40410d9d4548835eaae8f72aa99c6af9be76e09cfea8796c73cd8641b56ac2c9e890d178012ce62e10fc99c9af3825d04dc68944423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
5e8205d69dcab0a459cbf48a5b1a654a

SHA1
b9b5481cee76068048391f2c443c12acc9d2172f

SHA256
ce8e1050adc8e63746768f5856b67ffa612513f90571473db746d85fe92993bf

SHA512
81efb59d2c8c6952b3171168a2bb0a43268f34dc4e9047a840d465a70958cf607424db4f0ec24fccbe10d7cfe42b13e54a7ed8aabc5c886e6f55908a5dc40354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
038e13731da3d21c8023375d71aa3d41

SHA1
af28c6c65bec3d4f68d6a2f7dd64b199474a2a29

SHA256
a7b94b8e987ad4bba45e7a54ec9f7eb931a96f9539ded002b2132ff06974ba8e

SHA512
4e353c6ce97be9878f3556349d6c5e254f2ca2fad77019cb278a2e295b9e0172bffea0f42eb67a576402110e92fab57fa197b8ef04f3c0048d7ff93e44ee2db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e157.TMP

Filesize
100KB

MD5
6ca18ffd2c8c78fe0f59cb9b2bb625ac

SHA1
1f1982454f5baad61a796dc1caa1c85a9fcde251

SHA256
52f84be6664c19cc1b3be55fbc1396ab219d2b3efd895db3f2046c96f8cf640c

SHA512
ac5e05fed5dd09f57eb5f36468a40aeba2021865a03d2b29d561bbf3d99352eb0e8f6869f6ffe89c8fb7286e2f0c51a95e0ac8aad89beae7cfdb6347d13464de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit