hxxps://padlet[.]com/rayben2066/nadege-carpentier-shared-view-document-with-you-3op1a1wxufbnz9fu

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://padlet.com/rayben2066/nadege-carpentier-shared-view-document-with-you-3op1a1wxufbnz9fu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547229211944522"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
1016	chrome.exe
1016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 3604	4212	chrome.exe	89
PID 4212 wrote to memory of 3604	4212	chrome.exe	89
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 2668	4212	chrome.exe	92
PID 4212 wrote to memory of 5116	4212	chrome.exe	93
PID 4212 wrote to memory of 5116	4212	chrome.exe	93
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94
PID 4212 wrote to memory of 4728	4212	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://padlet.com/rayben2066/nadege-carpentier-shared-view-document-with-you-3op1a1wxufbnz9fu
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc788a9758,0x7ffc788a9768,0x7ffc788a9778
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4848 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4820 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4808 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2700 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 --field-trial-handle=1880,i,2032792236717877785,2151120369961580482,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8319c833b9a4b1baf03856bea19d3719

SHA1
2950eb166cdcb599684f012cc0bea23bfe3d7b8a

SHA256
9add2b7f32ca4899b95a9a4ef51ed89ea7c7ed5fb26a563a93a0a3b2c0fcd5df

SHA512
5f2893c28986085e69f2e72f9036616bd72c3c47ca8e8431c23fcaad500063afa9425586bed14d0b32959271fcb80e35ea827cb8543d637e95fa4de03f75317d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
39df5e5b8dfa6ab49994bfe9c2634390

SHA1
42c2c26562c2d9e1c93adad81d87cbdbedeefcf2

SHA256
e5435a67e1bd078c14302c2906d0dc3eef61e3b06b6f41ee27518f1039a20753

SHA512
8b33b344b484ec89f563dbe155b2bd8d8e4e8230e3b748b65d2ff78d67970b8532f158bdf1cfcd1a716f8140b499348a5a14368a25e730322914b48cc769b255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
48c46019119b179146a81f88fcc471f0

SHA1
0c05258bbdbd92ba87b3fdfb28cbab741993f313

SHA256
b694527c670997d14522263ebe3e047860205c91a50c4fa239f0bdba9ee90235

SHA512
74d21b5aec8d676719f88a6dbe2fe878897cf2e15c3fbb094e5077e59177d56bf65a7ceec89f3b15dcfc675898867d7b70e675fcb373e8c580d22538a131803a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
78e929944fb1aca6130a312f9e1dac99

SHA1
933a9afeb83760be31aa9428e16bcde41bad39ae

SHA256
2878cf30083c3eec1c21bafdcd9193d4093e98777040dae9daf5c47f268b7dfa

SHA512
f7909ff8cca00b2f237942f89f80c18c0e4456a7bfe1c9382335d7a625283296278d38ef95aeeb71ecd9e1733cc2ff18413befccfd2aa7f2f58b66f0805d8a47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
143651b7ce33edb6474c8f36107c83b3

SHA1
abf07bcd1198054bde28fff049ae2c9724a43d01

SHA256
84771d15818366a2b537d5beb92cfb484a89bbcccc2a353f09b445867174e189

SHA512
2c2fa0e3da0883139bf854b2acee5043de20bb3b7cfc2920a87dd638029b4a5be9ddfebd57221916934b0c83350ad674e1f19fe8a8eb1b3a07818480285da1c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2f7b852d8d183166dc6738b8e11be7c0

SHA1
f50d0e0c2c6b97791e7cfb57706b53dcc9219da5

SHA256
0e2c57447ebdfcc085c94b98c417955a8f0648847dcab4bb836f05da4370b334

SHA512
a5445610621cae2632b52b9cce3c2b679be1a28813127e1e16f73093692676ae37907165c0256383c57ce6addb8dd0bde7362a7db1177f69243a43d75694d7aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65ce945b725724e78fc02ad9e6bf273c

SHA1
99e3cafe61b0231be736865f76405110ffe840f5

SHA256
2f3145d1b0abff7531ed80b4d60b24a86ac8eb51df281002cae41a58644fcfe8

SHA512
ae36919965610f2a967a117c684bb0565b9660f35ea483714448a4bd28d15ca075c4d6f9b93fd3b7fa22078dea7bd3945e2ee56252f2b8323f5d00ac0d5549b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3b4590e251b84b8cf6d2c3835cacbf5c

SHA1
d5746e46619f24bae251a8334181b890ae1685e7

SHA256
26b3d3e84ffed4e426b482f39a93d0db5e1aa7bda17194eda3ff33193b5dd278

SHA512
fb67391e9b27cbddd2fa8bbfa50b83a7c7d3399942cf28bc4d99146ba9ff60e084b0584bae8cd0fda673fcde57398bea0cf205b0e7435757917c54f106ad069b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\11cf67ed8a99b1f7c507807344374751b409497d\65b963fe-d5d4-48e6-8c64-72ee9f2f363e\index-dir\the-real-index

Filesize
144B

MD5
b8e8eebe2e653d69788cf706b5e2990d

SHA1
1d9b4e1c541389ea5323d015cb924d12c5ffa084

SHA256
3040fc4d0a47759633e4afae48f9a8e443b91ba376d211231b94f7e3c1c01b42

SHA512
e6fc479dc00f2487f66557939773e0b887042cd473c30a70fc4d2a810af6019effb41d0364d1ae59db364c5771a8923c1603fa77f19cb405cf23691c626da238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\11cf67ed8a99b1f7c507807344374751b409497d\65b963fe-d5d4-48e6-8c64-72ee9f2f363e\index-dir\the-real-index~RFe579b27.TMP

Filesize
48B

MD5
56551c7d9b028679a325f0e016ea1d40

SHA1
eace1b827fc4884789e9d52fa3856ce0d2b641ed

SHA256
68c0e6301aa97ea8df89c5a625e6cdbe13ce4647322e0b4e8f5e763637fc210d

SHA512
62ae3a02627368ec60fc0745f87f841e137bc191173d1782a685ec441e03ce0551969086cb49f53fadcdf2923849900726f664a3297da2e36084f470a0601c3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\11cf67ed8a99b1f7c507807344374751b409497d\index.txt

Filesize
115B

MD5
5d3c79f28323a7736e63b4797f7d6497

SHA1
8b49c6d533360e28e9e628988e55e5f8cfd3703f

SHA256
395f566e311bffea094cc9d45775618d5dbfefefd85133fca8ca417eebc1ab59

SHA512
342e512f1dd01b9ef2ad86407315255e3c9ae5d67060301b095d2f08ce491355b3ab1543ec7850f612b3ba26fa61f23d432cc0b45189c105bce723909d3e79c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\11cf67ed8a99b1f7c507807344374751b409497d\index.txt~RFe579b65.TMP

Filesize
120B

MD5
19a9c2f3e001d11151bd9f85922ce17f

SHA1
41f1bcfc3a4f05918b452a252b70c93a469a1a21

SHA256
ce4ba37f609d7f8bcd31b4df8450a07bd1cfa6c78fd6b880dea1f40a218df6cd

SHA512
5e418576cea7eae5c3ea6f7f2674c3d59e9eb7178c32bbd3f29e7ff5847deebfd93907c78d510e31333d5b9bb4ff87d0354e39ed51a20e2ea9595132d49a001c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
a713b8e46804eb701307776aba93d82d

SHA1
274d261c603ac928e048604af6db07a3a824e6da

SHA256
134c053c4456948c7e3a76f2c7e77a22b1de03de3bcdad0522b03d3ee116e3ab

SHA512
39aaa4aabd3af3553ae762fe4fbb7e515f47185b2c57ebf809276639838dcb6a06b403e5b0f11a06829fb75db672c460489f1f3099b6e100634c028cce05bcfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5799bf.TMP

Filesize
48B

MD5
e2774fc233e75d06e010ffe49d4bd3ae

SHA1
fadb9ff6b6c36bdf94f6c51243aa4589a12c64bf

SHA256
1b4344b182a72e3cd01e5e19cc5b3efdfccc9e9dafac4d5f5c16ec0491e897f8

SHA512
07e80d872cd1468980275478572eb1ba4f3aa8488de9333560b2dc3ea1e1d5c6cb832f1af0eb460f05a5c00b628192965152c2872caccc891bf89e50bcf839e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
90a79e72dd7e8682421d3dd342421444

SHA1
228ce7b08e091af83e4c6f2ae7870f2e43333544

SHA256
3d398285af029d669b4461acafc7712ad4f6c51d755c0319d4ac1d47e82ffb54

SHA512
457eb2bd57d814d755681fed817dab3376d2d47c01ac87e96c52f717bf496d6bb1c143d0ad20b47180d5be7288df311ed72f4c598a5eb585449e7b75edccbac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
b830266fcf3f478388a9cd85f86fa5a1

SHA1
6c3eb170c9196f02d15ce11d7c1739eec41d256e

SHA256
85b4ea646aa48fe2193fbdd1eec78544b850d05c7dd9d91c1686358991ec163d

SHA512
91a2fd912b0325aa4819f6432b270b68584fc65068850c1288f85fc885834fd05824e12ec98f02793a1fdf41324a39f623c861940cd2b5a295d21fe6f0c9feea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
728a9c7a1ddc097f8916599184d69676

SHA1
bbc0bb9fc756245014c0186502ec4ce17e6aff75

SHA256
97f004f4757dc6ccb904185a3f396685bf7fe33d49f957f8b2336da21b8cb17e

SHA512
3e3bb36094adf91d08cba5684d870d63edd63a84387e92c00b76f4f95aec63d61838ede6c55b3857eb1c995bea06ad09587eac81a98366a674ddb91cf6fc27f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\da8b47a4-727b-450d-8a31-2d1a90485450.tmp

Filesize
128KB

MD5
6a759c5b0a1bac9a9bf9d16df0b78d85

SHA1
77e62c5a037b388051737c61689e60d9cf0730bc

SHA256
fb96d7970a5f7b8f376a37913d7c238ec484cda6bf6e175227ed56865f9f1234

SHA512
4fde4694ce9b0c71dff35798a5dd5494cc76affa86786daccc84cdddaa14425030822e05e58f29efd6e65142fe882c4e79aa893c06d13d904dd902a6e45b2dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit