hxxps://patriotcapital[.]sharefile[.]com/public/share/web-a9cb19d076624d17

Analysis

max time kernel
95s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://patriotcapital.sharefile.com/public/share/web-a9cb19d076624d17

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
95	api.ipify.org
97	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543148542587726"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe
Token: SeShutdownPrivilege	3604	chrome.exe
Token: SeCreatePagefilePrivilege	3604	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe
3604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 3508	3604	chrome.exe	85
PID 3604 wrote to memory of 3508	3604	chrome.exe	85
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 2232	3604	chrome.exe	87
PID 3604 wrote to memory of 3992	3604	chrome.exe	88
PID 3604 wrote to memory of 3992	3604	chrome.exe	88
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89
PID 3604 wrote to memory of 1580	3604	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://patriotcapital.sharefile.com/public/share/web-a9cb19d076624d17
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc7bc9758,0x7fffc7bc9768,0x7fffc7bc9778
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2808 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2816 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4924 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5380 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5048 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5440 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=948 --field-trial-handle=1892,i,5746756594399670449,13337365112602365299,131072 /prefetch:1
  2⤵
  PID:3596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
ba7be82aed1f8b895643b44067e44a71

SHA1
eecc42dd99e0256b6be2e58bf64c54ab8eb5e08f

SHA256
a2321f99465f8d8b10afb62f9ee1ecdb56c8a53e9bc7222b98c195d53e09ac1c

SHA512
2113545bc9bba2d09e0aacf388f2d56cd9e12cc2ec8630e3783e2c3841aed2c6cfbb73ea11faaf07985ee139f66467f1856e778daba2f8a7bfceadbe58a3752e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
aeb3ec6f3f9d8a91477ab0663d049f32

SHA1
edbfe19876b567268b51a14de07e6bcb5045a993

SHA256
89a4ccdbb3ac04626775de3233381c2ab160df468844a1f56a04f471fe7790e7

SHA512
38bc03163af918c97880712e458dc87d7eb7cf60e7f97e9caeb4494b08342e472496c6523f040db4f8b81ff5fe837a0eb6cf6c8a1109d8b45f008fa591dd71c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
221bb397f3f624be73f09b6b36d53833

SHA1
ccf761c409ba88ac66e914fb09230d2d964f2461

SHA256
6f6a2f347ce0929b874142f00d1da67b82da90e5c0c1b806bbba91cd9193add7

SHA512
b4123e3a89a090c71cd2021ef80f3d2d678ae486b31d2e8292010aa1fce2e6c09f3cec79605119b66dd3a1add8e86ca8656a8f70760da920f98fd5efa4fe431f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8b8dc4dff73f5139694f93f377901d82

SHA1
d71d683885bc1962d8c5ee7a42681b258ea78f4c

SHA256
16c2bf4918fd1818e30121830dd3322a7d1ca29dbf49fd46b467ffec531540ac

SHA512
f0e0717b5abc51eb8a947ba3356bd072e18b766288612b3d9e4a53f7fe895c22034cb42104df13a61a009af34ff41c8e3b4169621accbdd87ec50bb4d02dee95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0e8f37e55f51d778849b16ab60c9f705

SHA1
0507e1069187a7a683e6620610f73d2a32c21cd5

SHA256
5b7c29a950838a19ffa7f9364e08c8ada7e85c8a95c6b1aa848e9eca727d2725

SHA512
22570f308d93494af729f04c6c0d27d8098111f7063fd96bb8fbf16e265d81a5354c6fbfae446fbe207dfb0d6f7cf135cffbeba4d608c2925c2783dfe32c0deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
309e9267a0de64e3f7309a477c436544

SHA1
fbdd812581febf77a4020391cc112bc470bfe942

SHA256
5cfd4b99eb3cfb8337cb7f4f4f09e219e08ec77e6e9e1da50408c82f96d39953

SHA512
f0b0f774e48b86b99a3d2a3e3fd57f5859273f54b957c2a6984551e18ab3fdd4cc8c0452848aead3b6edfd1a83cfa379ae8452619aba293ee7e17a5d2939db16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
adf245ea1df32789f23496fad1b949be

SHA1
bf47e89a73b2ed6f1b32535c94b74177efdee7fd

SHA256
88e35f863642dfdeb62d5c115eb45eac5b1088fda1428ccc493a3553659a9f91

SHA512
8d1daf443fcb416469ecbcb6bc1049068d4c32d94f3148b9e9850baa9af21a318423e15f9f4d5e7bb7c5929ceed7df0fbc4d68873787ab067d59f238e373a283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
274a336cb1d4c8b4e41f108037ebfe71

SHA1
034c2cebc8b4b4d12e025613d3565f2f61b53f82

SHA256
787f3c1cb45e0178e707396cf2b8ac15f6f02fccc5c0a647e69f795c4ae47443

SHA512
010e793781c18fa7c20e6971f561dbd5441e9bcf6e08fe781559ff71b49de2def5cc4e7605314db739c5a9249095e2f830ecdadb692d0c074fc47fae5f2cd192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
adb9b1eba82e97a4e1232000f6f6d008

SHA1
63f6648b5710e3e1705793cc2084cf53c324ada4

SHA256
f2c853dc0b3035e6502918d136f122bcf2bdb8a2934526fec518b0effcf62bf0

SHA512
535764b7e314cb2bf21eff147fbd6a71a33a7f59494b09d87090be8f962e50192087a8ebad4a61880005d4229275fbb3dad3159acea5a6dc28a489e95f19b770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
368452a4cbddb7a728c8eefcc87164d1

SHA1
10c61aa51b3a307efaeab8e38b2e721426e2e15d

SHA256
4e597e210ea1803d1d612d0599679ebd3c5f649fb8e9fc1dd699281e2cb40057

SHA512
d3d4fbd3b2d5ea900967935dd892c11027edeed052cbb0ac365cae59dfeff382be6a92c2cdba9bdd954f501905d5381f1fdca1c485b4de93fc6edb0053753902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
24b714aa311bbbab71523dc59b52d738

SHA1
2b5a9a753a49282dee83ce641a7332929b353b89

SHA256
371f9a2b6c3462d5245806409361c6957a7fdd5ea2979a35c3afd56ab223fe88

SHA512
475e188afe8e734074451898996685d8b21c61aad7b4b892cb66825f3bd6847adecdd34cacb7343d3474b50004bd9ffc6e2d4839b1cf4f6c97c023654b5e57f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
abc52e8b0700813aa9989cb3bd35735c

SHA1
77f66d8e8fdd924da87533af6c96614dbd09e5d8

SHA256
f034cb87790b953e3a571d99e448253dffd3bbd2cb8cb0196b9fd7e71ccd6419

SHA512
35f6eb688cc6a2d768e51358adad5fc8085bb4cf647a62adc5ff75fd943851081aa5c62cf3d865994875abc211140f3354ada87da0d597254e8919f62054b43f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
21e340668b0fac2bd9cc1c90f118b621

SHA1
5051a660d3714e0faa16a17006005a0539a8a02f

SHA256
a7474cea60f58539455688e9010d750964254fe24001c7b227710f7a22ffa6d2

SHA512
a43279fc0871c51b50c0a687b2569788de888486d479f4ec4323f3ce9b9679c2600a4d05ca1728fc1bc17c74241237cdd8189c3832a2424a98a72239e4e0b790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
1434403f1c9eb1c2db15d197a9cf7802

SHA1
e83865202bf73809e900a9686c7d3583b4808acd

SHA256
23f148d701abcfa1423cbeee00a9b68430b9709a31e4fee69fa162efa0442c64

SHA512
0635ec774d557df52bf6045911da8cfa99ee642d2329b0a9bcf4daa14a1f4c3187ff135520559a5242c2a2c188f66f80671adf6cb86f1f5e28e431e433f28f18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582362.TMP

Filesize
101KB

MD5
450cf8dda08685db8e971b61644c63cd

SHA1
90fde9dc2c7a23bc6581ba53cf3fb2ab4c226998

SHA256
53ed51a1e1f258719ea08f5a1423b5a820ce57f996ab7229525497e7a5421c64

SHA512
3411f3105a20ff8b913bb6a880d0a3c152d8438a426840bcf2c9f6f0127df418f84981c6130be2bffd17fbff87e196de9cf46a6a9ecf6407367d5112a206c81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit