hxxps://ci3[.]googleusercontent[.]com/mail-sig/AIorK4zt4pL6L8FaTXIcEe8uGa66Xejg9SxymRZH1td-ulLjZ1I2M2es-pjHFrpLvkSpQksxm357xvI

Analysis

max time kernel
149s
max time network
124s
platform
windows10-1703_x64
resource
win10-20231129-en
resource tags

arch:x64arch:x86image:win10-20231129-enlocale:en-usos:windows10-1703-x64system
submitted
11-12-2023 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ci3.googleusercontent.com/mail-sig/AIorK4zt4pL6L8FaTXIcEe8uGa66Xejg9SxymRZH1td-ulLjZ1I2M2es-pjHFrpLvkSpQksxm357xvI

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133468069224636380"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
632	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	3756	svchost.exe
Token: SeCreatePagefilePrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeLoadDriverPrivilege	3756	svchost.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 4204	4420	chrome.exe	74
PID 4420 wrote to memory of 4204	4420	chrome.exe	74
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 2988	4420	chrome.exe	77
PID 4420 wrote to memory of 4616	4420	chrome.exe	76
PID 4420 wrote to memory of 4616	4420	chrome.exe	76
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78
PID 4420 wrote to memory of 2476	4420	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ci3.googleusercontent.com/mail-sig/AIorK4zt4pL6L8FaTXIcEe8uGa66Xejg9SxymRZH1td-ulLjZ1I2M2es-pjHFrpLvkSpQksxm357xvI
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb3ade9758,0x7ffb3ade9768,0x7ffb3ade9778
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:2
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:8
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4820 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4972 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3680 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3960 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3924 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1696 --field-trial-handle=1792,i,18394357257944625088,14801348084758548665,131072 /prefetch:1
  2⤵
  PID:348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4528

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:412

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:4236

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:2744

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3756

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:3512

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:3796

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\19674d9a-213d-4583-85e8-5c71458baf40.tmp

Filesize
5KB

MD5
87d84aac46daf97921db258ec8497017

SHA1
175c9005d154a171630ae1ee820d27fbb54f9705

SHA256
446d76fc9f1b640d16799f604a120d7c1a61d65c730031fa56aef0b3675519a2

SHA512
706b20ec0c6050689613cd4c6bc20429c826de7a87a60bedc2e02e3a3b8a8945b914f2eef9209d4bd0a6d9a6c028fe04deeb3c26bfa8b4370eed1e6743218a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1ed9ffb284a6ca2ec2dda9f6e677ff34

SHA1
4f3f5df117ffaead8b5e1c96a1c6f16e4af80a41

SHA256
a9280c376164f018e885064732d0178ae06da29f866ddf5ecd19ca9bda9ffae8

SHA512
443dc179ff7b572d087d1cbdd15f6215001ab3b8fcd3334003402625e9daab1a0e7247e2c3ceb5dada637d51082f69b7b2c89d6fdd017ca4393148319a8b937b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8c4911faaaad9df3d1fd0e08e126336e

SHA1
bd89f53443019b3e7a0dfd608504de8a05ccf2d0

SHA256
054a890c5f0304598338481390f8647adbcb29aed804ccad1665d46e40ede63e

SHA512
9a83745ac177f9a739a40977bb91e63ea858eb31b5e996aa3ba2475d260c862221c1dcb5e419b9175256a6745588232e0f91e5915534a7a54038ebe09503a289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
3KB

MD5
71e9403993988289e4fefc8e4f5bef1f

SHA1
7b08a57de92e5385ae5fd17368f07477c85d0b98

SHA256
8fa19f23e3d5f8ea66c2ddedc717db843300753624a724ba68e170480d736a85

SHA512
1d0e94603ac80461e538533d5a51d8b198094e8641cbe8315484defbe968eca399344fef181be124792e9631ef1875238ce79a57055934f8ab7ae17409357508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit