hxxps://drive[.]google[.]com/file/d/1hLxnfe5pn-AexSTVqSaDQim4VkGUyaGK/view?usp=sharing

Resubmissions

18-11-2023 13:02

231118-p93hfafb3t 8

18-11-2023 12:07

231118-parlwsea45 10

Analysis

max time kernel
1808s
max time network
1755s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
18-11-2023 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1hLxnfe5pn-AexSTVqSaDQim4VkGUyaGK/view?usp=sharing

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral1/files/0x0006000000022e48-189.dat	office_macro_on_action

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133447861790518470"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2488	chrome.exe
2488	chrome.exe
3228	chrome.exe
3228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeCreatePagefilePrivilege	2488	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 216	2488	chrome.exe	85
PID 2488 wrote to memory of 216	2488	chrome.exe	85
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 4388	2488	chrome.exe	87
PID 2488 wrote to memory of 3728	2488	chrome.exe	88
PID 2488 wrote to memory of 3728	2488	chrome.exe	88
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89
PID 2488 wrote to memory of 3768	2488	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1hLxnfe5pn-AexSTVqSaDQim4VkGUyaGK/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92dd29758,0x7ff92dd29768,0x7ff92dd29778
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:8
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5156 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5400 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1872,i,10414009457237629182,10595447481911080882,131072 /prefetch:8
  2⤵
  PID:5000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
a607df5d14e4f5ea81fcbfa8812927c7

SHA1
d5b48b8161b41b4c419425fec0fdfcb8dcc965a0

SHA256
6f94e64811bbb00b94290a719a50e4e3d3afdd2ec0ea5508514dc35a2f9d4246

SHA512
47530784a79ac67e7cb087acbde72b665ade1c061f3a7ddebe28b52066e71fdd8b654182b0c0cb05853f5ea664e4423d58d760498b35a4b9b1f70ca5e6bab2ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
01bac4db2ca3e858b500bb91d58d9b8a

SHA1
14b692c71c1335427360e21ffe61ce85d319411d

SHA256
b6c283fe7f98f700d65f40dba5b4a44c50363f04437af9d3ebca878e3371b7d9

SHA512
7f2ea4eb7146bf6c2b9741f16c248e1ad1faee522b7fbee0f7e6b7ed0ddfd103dc2158c345e44cfa3c73db71bbb9e71b21f2123eee8c94cd2e58767e8864da17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
51c794adbfd408c38a259aad65aeb553

SHA1
4cfe95645b266232987cfd42336fa9abd3d3c995

SHA256
e8a32733eb083523f964ccb547642653dc4512f611363e46b9ad70f9a33ecef7

SHA512
b6c758e979266a25634b6675132d2a9116b788408e45d280958866db813a6970a58e458a4dc42032f8cc91bb645b6f292cd4123992de5f6e531ddc52aa4b6256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f505dceebb6969fbd101bb87aaf1ea39

SHA1
01b52243b8576430e86e95f7a02f4caac1f6218f

SHA256
c011cf4af9e5a1e005edef5abf60d3a5a7aa6e8a89d0bc4a417ff86aff32d8ba

SHA512
d33a778e0b6ede2d2ee7ac4e77643b71182cb19aded52cff433bdad4c9352c4f665fc48543d741c911f80ce3f2e5a1d9a2d3472014653bb8975966d99d125598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
21858b65fedea48698d460f169f4a2a1

SHA1
b77e40a0b98e890a7ab39249a852d538a2fe1f49

SHA256
a0cd73019be930984ba3d519535f355f5fff237e359d507bc2260774723f3b24

SHA512
cc7cd13d1b85451cf6eb8c726c6b3c7f13ca15a1cf713bbd42f8bb6088bfd0c5188e2f1c100b8a3603f4f2b2ce4c0ebdb2a8f39428a176e9558c6ae1ba16fa43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8904e3aafc2b096bfbeee63e10deb1a8

SHA1
0018c20ffc27b5181f9cc7203612aa804e0281fe

SHA256
86e0f3c058e4df40cbb6fcf3191eac28d35ae5706fd0d9df803ba03ed8f2969c

SHA512
9df209f9c20730fef1b32f75a4365de80ede6ec967a749914b5b471e197370193691e61bd8545ee664fc53a3f73598ec5fe1b3f08167a25018898a9b1f0c4a1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0d12c4ef55a99a19c7631e42fb6adf14

SHA1
e4a63fef1bbb92489673e2411a44a3ec6ac3ffe5

SHA256
21edd1c5f402bee2dc9ac4baa88a34bf90437879020d71b20a58ce7fc430719f

SHA512
cd241f940e01c9232e51ffa9575886c6baa8aba624093bb45f492098d1851b55723879e4e3ad29e92742afd858c541d1a79b73cc879b86bc6be47a1c2ea5da0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7c539d3a755afe7e95786e0006ac6b3c

SHA1
e8fe58cf996da6c1bc5a04c8638e4c190eeafafa

SHA256
c8a371caaf3bd26322bec5fd4c955ecebba06c5b385bed2840e11299127f1dcb

SHA512
a013d6328e26a4fe610aff41338927abe4ce6736f2170b1cb18f04b02c5bec394a3aab91fdcee789a67b2f2ec96985217d7db2095dca4b37ddf0594533cadeca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ab3b6c95e5c170448b9b4d6b9ca64e97

SHA1
732ba1b8e4676c9bfbb4312b23d934b4692cf12d

SHA256
58198b24997899e9dc45b3230c7e12081d690ccc5c112e4b838349731d86b056

SHA512
54a020b890f72b646db2837e6e7ed8e1dd368df7b0c89da9a1af96e454d8f25bc8b9d6ee09111f1f8a71845f7ac45ad4e35f59c06be808d9264b31a2cb5178ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9338b334454690b1120e329607673e27

SHA1
fad00f8bf357e63ae83e99095b3df6e866c59d97

SHA256
d7eacf9220e5fdb297654e0486ccfc9cd64c1f83bd314c2410baf97405704060

SHA512
7664805acb76440a0d38047eca2d0617fba6b9cced3c0441887ab77209b5a731d5224bd7a22a86786ce49901efa2734ac837387210b2bca79ef857bb89feb8b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e4e0e499e2cee4590e0233147b126f0e

SHA1
e7f3d1700fa5a8cda5b47aa6d1aa2a7cc08358d9

SHA256
7e234080c1c876bcdcbda196ce5d3c37a067bd0cb17c9677bf16d0d97471117d

SHA512
a69ec56239b192158ae47a167cef9d2260178022ce0f4bbbc1085ceafb5946d87f4a300afb29d1eb3a188c76716d78e156bf4b6cdeb8a1f258773046fe6a5784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
199ad589d0cd3d6d96e05d1d8b3487c0

SHA1
abf3131cd6e558c81e9e02bd8c3db7a4c8f0ebfa

SHA256
de47bf9c076f090dbc4a61d96c4cc9daae681ce213ecfe9a6b5afcd3f106e064

SHA512
d88a260f92caa74844c212c538b17ac0218fe92dcdd55356fe55526a2f8eee6f9c518ce405b7afab78b5e1df82998e243078f38ab0a35d6e6d3c9d4daaa4c4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
baffcb37791a608ded387bf48c138803

SHA1
bf462ac05d7aa9a4a8f4da4791e2419a89cdaeff

SHA256
74e950ca71bab335d305012c1befc31522d6348baf6489f122d65c7f0197e77d

SHA512
09d8549018cd6ced6a972f4757676e87c4188a99e25c6ef2afe90ae098e5dddb34e4fbe2ca3185206a5e1ef865ac6fde04ccab431f6874d2504e58062be6fb7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df3f3c9901219bfaa1b4d1fbd3e11b12

SHA1
aefe4e601604e119ac7729f1f893ddb7bf0a9cd8

SHA256
b224c8805efa3219086dd62fc82d345f103cc086d6a46ad4aa2c1a30d36087b6

SHA512
41b4dcd8d469b840688dcfbf1059e795e3b8f9a8df7d01f206778a5916a188499c696c70303677c4f7c169d3a4f28a61135ad575e489ad56c8d1b4a77166bc51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c3cc9d8a32119d3fc36731bdfa3c4537

SHA1
536b2689ecfc7951033216660bae6a7dbd3e7176

SHA256
e819de3b9f02279bd26e637fa718b74e91a3ada19cdd0bd264416ae67a1dd6dc

SHA512
57a23035e90687c16e83c0f909bf0715865897affbf449389db4a17817f1437b2e2e3a66b656a1557a33b9fd1b729759c920af9fff5e6553038e3c5e9a853c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
868a0e3f251b0b1617cf3c9785bbadff

SHA1
98083269016ffd2238c9c92934c28162e0eed22a

SHA256
2d622a714acd52c312ea1e83c6bd3e7be7d687dfff3519590c071850d0692a06

SHA512
c3cb0f0c6d83421601caaf79ad7f8204cf02d181685b0043694a8c5a9b31415988a909fc877687147b477032e18bedebdd9fdaba72716908fcac3531a5e0b2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
65c7f356015e4adc474a78adf47fed4f

SHA1
12c754b00134609d7713bbb342286e282216e121

SHA256
200662c194ead32bce3146f3abb0232c7d86067d7ab528e4631c00b093e6f69d

SHA512
1b1883f278ec5cb37f529fd94d6ce2a10e7aa4a97a83b5fefc348f76d111c77dd4a9ab0123a603f46c134b7fd952036ca978df441a77d4e9f3768a8fe919fe9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
706bc44880bc72c3ec315c2105a7d69d

SHA1
0c1e4fb6d735c74bfeb1fc0b2f5601f1c41fe6f3

SHA256
b3b44b7b86b3f2b3a8717ef2532d0e50a54ab49a2edcf55272e8c92fe951ecc3

SHA512
536cf1adcef78d94eb221bf2ef7583a4979015ea7b0b33abd8d0a4b739246d554e4d086dbcd3c81a19cddd083ca0ac822a73927354d0f7439a167a9cc6945eff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
eda5ea00266247d35c0f0c5063bde206

SHA1
a3a7357bb9f2be7cecf5380b11cfacc6ca169298

SHA256
37829639c4da16695a827b70b5561729cef39d0bb1f706d735b59081a18fe2a0

SHA512
199fd95bb13dab7138d4da6477b011cdbe5786c0e11c7dab77dc00d95b1497a807eeb18b7e06e24a5951f83c3915d13aa4b70f97a76e97daf13b169b180c0914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
e5fba016319710053bf10c90558069d1

SHA1
e3ac44d5b08e1eb3ba04372f0bd0fffc1fad1c89

SHA256
f3072dffa2def8cd95e55866d35872796a8491f91eb9c5c2817ab2811951750b

SHA512
52346b5fc94551632b83387246006bc7759d732634c5b8269ad284be6e34e28653387afbc900918291522a6fb582b79d0156d0d61e56fe497e96b0f975fe15d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
4932259f52f91c21438904bc55623290

SHA1
e0a9d18663d6cdea7ebc24bc30983f1d8177ba96

SHA256
44ed2867426b5996c351b1dcc7c98f5e5f830fd31f1264c19ad39565c02c61e5

SHA512
986eaebdcd952332886fc6db789519d23a36b7fd1ecb205962e34035e22ef462c53fdceb04c64900b861783bc665588b121c0f4f2f01e09eb0e1b7ed539978cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a7c4.TMP

Filesize
97KB

MD5
103fa14e10919696d1ea33c6b312bb0d

SHA1
91ce437bb79caf452769f2817cd403140870f16f

SHA256
ecbf45a4e218536281a03f52ae3bfa5769f0da697e6f825999a709868e97765e

SHA512
e96bc09525ac2bf8f7f40637006373c134e61e65a66cd17b0560f2d2f976aef7595db98d8b629c4e733541060cf3d62b336513988285df0a5deb6d006330b10d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Microsoft.Office.2021x64.v2023.04.zip.crdownload

Filesize
2576.8MB

MD5
3d359186ff74bf516d2972dcddcf005c

SHA1
dcd1778eeeecf1a9c0c4cc4e8956d7770b2cd4d3

SHA256
6a76a98ea8a2c83fda5e2e4b8283d75f18d374c097f0ad64cc3b1fe578c2a529

SHA512
3a8854a29cf2ee0b3bd07a34afd41beefd86324adbb72fb60fa9fafa11de4fa8a4a657ac12daec30537b25af2a81673495e821dd0721aa0eae3b9dc861f4b59f

Download Submit