hxxps://rb[.]gy/ntacs

Analysis

max time kernel
1800s
max time network
1783s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
11/10/2023, 03:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://rb.gy/ntacs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133414673742807527"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
4760	chrome.exe
4760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe
Token: SeShutdownPrivilege	3576	chrome.exe
Token: SeCreatePagefilePrivilege	3576	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 2384	3576	chrome.exe	57
PID 3576 wrote to memory of 2384	3576	chrome.exe	57
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 948	3576	chrome.exe	72
PID 3576 wrote to memory of 816	3576	chrome.exe	73
PID 3576 wrote to memory of 816	3576	chrome.exe	73
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74
PID 3576 wrote to memory of 4448	3576	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://rb.gy/ntacs
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x44,0xd8,0x7ffbd9809758,0x7ffbd9809768,0x7ffbd9809778
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:2
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1652 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3656 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3124 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4840 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=692 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4584 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4232 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3480 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4632 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3736 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5080 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4644 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3128 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4376 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5156 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5236 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5184 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5008 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4392 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4628 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3064 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5532 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3096 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4376 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5320 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4496 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5208 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5512 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3076 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=3016 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4888 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5416 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4496 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5140 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=3256 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=3068 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5308 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5140 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=1680 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5352 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5408 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=4452 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4604 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=4644 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5152 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5172 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=1808 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5172 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5184 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=3040 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5256 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=3640 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5112 --field-trial-handle=1816,i,3329154388996374935,16567507602706279900,131072 /prefetch:1
  2⤵
  PID:2284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b2546a709cf38e5e7f42a2f15d55ed71

SHA1
b8ebb14ae703f5b234510e7a27056b182320fba1

SHA256
971d7b114a6f0a5e50d037f6aafd62a2002ddb261cbb1edabecfbc2cae5df1bd

SHA512
6a52d4444db7ba2afd7df632a5ff34ac070fd020c49f5d577f603f40861af05f41c515f698511439947f5de02a980143da97cbf727864e330d6209ca7d8cda05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
320b9aee91ca49dba2b081d45a98ccae

SHA1
4846d2398cf3850199f610c89f01944e907f641a

SHA256
9fc493fb165842bd51a06eb5c8d64fc3c32a6306a53707ff772b78d7b865e651

SHA512
3fd2fbff2bd38f36b327f020b80d36153221dc77c5d7d1485b741023cc3d1f054f1584cd50217651e36aed035be1b9bea79b064f12d71d371770404e04aa7034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f64791df29c05d4c2d1adbdad06b1606

SHA1
b82339051c9357fd1cc81cf94be0fc230f37c5e2

SHA256
7dce616438c47ee36f34e8c00c3646b3de4a7e5f0544f4dc8b5496297529ff9d

SHA512
53fd8bd94b6c69128ed063000af88823b578a3d8c28556551354ccbd0d42312503e07007421ece92eac195617eb45f5dea2066175734bd71245c253a3eb83766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
81f98a0b38ac7b413b38d91d82b66762

SHA1
0641f67060183a33c415e9f1cadbe88edc023013

SHA256
55bd3036edf7db7c23555092ed56abe86d0d19bae505867c329f36a30c347837

SHA512
869152559ef89da634e656b4e792f1615fd34b995e5a142d10d6df8255b4c2de36c9aab1a60215bd0e87932e734ed4c6c56505632ecd0c9a51a5b0e3e45b55ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d318c3f112eb8f9903abef6d56ff66c1

SHA1
3351e6c9a8686dc30eded6b2328bc498886d5e66

SHA256
51ac4c711d057cee059bf325f3b3a6ca74166e058e64938d9c22227ed1bf9fb4

SHA512
1d2fbf810caf060bd6befb165ca6590febc84c2410c3b4895e13d31d1f56d95816770f1453d50d39b54cce3a27f54721f79c937de78daa0b1bd8143b5881a75f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3c1c8c16e4e88a8aedf428a5c3eb7d5e

SHA1
1d071e0696909559127cf0fad629c8f3264283f3

SHA256
131d7a9f36adc41058b2d6626b0db9361c4acba088172041bbb56c8a80dc72d3

SHA512
bd757ea7cbf7e77a3692d7751a996bb20a8ea737bae047ecbadccc64af00384275c6e4bc0f231cde16c105fd3595b7f417eeb4b7ce5c33bafad03f346edd2095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
c96803bee1a5afdd22c2a5be08ca3a0b

SHA1
1ec63eab613b544630d3def04e19bb8ce7badb4c

SHA256
6b82e8991d3193e7d71439e3ebb235d81ac3f0bb69e0a7fa1f30a2f4dbe78a02

SHA512
21d67e20171816fce1a60fda16eea6f5ceaa62de0174ab981cd1e52090c1068e5ff7674636d21baadf7f38a695f843196b4bd5f05ff85cffe700b371bede1dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
0c689b1959a33475534d8b895c4c51d6

SHA1
78afe565d3b1b407555c66e397cde6caac893353

SHA256
aa271ed9b0008ebe468dcd9c5bc76a271b9e6b4d2536174830dfbc31076f0e91

SHA512
3c28e534b2dbb2c8ee93cb7a2c757e8c480c58068a39c243a60127a44cf79c9d6ab1ae03fe331653c8777af5c4db0f061312cd41eabfd6e5b8903715916f93dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
250a64bacae4adf719815a21b452223b

SHA1
7d7c200d374b7e4e94d1c54618f2a66ee3eb4a25

SHA256
24f83cf5719d3e0f6a7e7bdf0553d5331e4044b225cc1bd9cd62c638f237dd86

SHA512
635ea1a070cb6986135f6852a35d8a44a3054179078a7a4ef4052ac0b0a0e2291a3a63c540ce0d8f3c5add706da2ce1f15133fb5c65e12cf7d57ab0bf3c96762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
52d424fedbfadb53d123bf2de582011a

SHA1
cd87172f548fa4fd0d50c35a7ba161f5a8918228

SHA256
03da42350b4abcd0ba3c77f2bc6f74b45907a6ea2a3d2324f016753636e64ea9

SHA512
58f80a3bb49ceeb9a7fead61be444cd70037e357469d9d169ecd9c5e2a48a4d0745722c4c84a4e9bd6dbd1d194ca1031d0204bb0b2dd8ea4381290563a57b42d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e7e53bc189cf33b376dea486f47f1950

SHA1
2408f0769b471b3c631c72f137a8233ec112aa30

SHA256
db4dd5363ae8af8311a9fcfdab28dfba18b934fd88a4f96a3d1e2273b0fb2ce4

SHA512
c4152223bc8c436f951dc528a3a2e01d2a909ab40f0dc909fba47d2f6116820c51f02062a13e87247e0ce9eb4715af5843a6e1711400ffe729fd439135c47bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
112776ee586b726529ce1793f882683f

SHA1
9ee76e68f52148083733c2f2d9c23919b47a9a58

SHA256
8017a9dc0a4782364a43a6e92e0fc38be1d96fe3d0730a464ba909b28b1b7fec

SHA512
f1fb5ce6e7abbedd8799f4d2b49a94e6a48223e69430cc4ebb8d81ba175445d93eea6baf5dbe4e8dacf35b15251d5edd101d62e47226ca851e65e1485447d064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e6c631348749180dc10f1cb1edbafac8

SHA1
ae36f5740eb8f1e7f702f689483f2fed8a5e7a5a

SHA256
910ddb2c2e142b02dd685fb645e2d1eeae68333429aaa97ee07d6a4b6ce91c72

SHA512
51a8b3271b4acf572e037d1373d502dfca69920b73ee5c90d51d35bf9f654755cf5d2104893c2dfe4322a6df75058e35bec6b63e9ce9a7a2349a0cb5e8a4c9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
f32014af273fc62ab06ff762e3c2eae8

SHA1
90ae3bf62a244d85408259687eb54dd597cbc650

SHA256
7ca747d80147a6fecd16894c778c40e7e8656d39867cce5814cc6a69571bd0ad

SHA512
a1d8dd8da7188ea16a4d9fb169b6ef099dfc1f719bd57eb9a3b878f69e4f8324851100e12bae6c5baea8aa806b81c64d6381b018b7797795588d7f8e6cd5e53f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit