hxxp://edpuzzle[.]hs[.]vc

Analysis

max time kernel
1199s
max time network
1197s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2024, 16:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://edpuzzle.hs.vc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559439920936300"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe
Token: SeShutdownPrivilege	1448	chrome.exe
Token: SeCreatePagefilePrivilege	1448	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2744	1448	chrome.exe	78
PID 1448 wrote to memory of 2744	1448	chrome.exe	78
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 4596	1448	chrome.exe	80
PID 1448 wrote to memory of 2468	1448	chrome.exe	81
PID 1448 wrote to memory of 2468	1448	chrome.exe	81
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82
PID 1448 wrote to memory of 4896	1448	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://edpuzzle.hs.vc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff913ff9758,0x7ff913ff9768,0x7ff913ff9778
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2840 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4784 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:1
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5240 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1556 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5764 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4788 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 --field-trial-handle=1820,i,2205776668167804821,4971549964630184031,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
1⤵
PID:580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2990d590-0fb5-4736-94ef-7fa303d60c5f.tmp

Filesize
130KB

MD5
d437614522417d5c87b304c96ffa1d5d

SHA1
c1d002d3fe71a49d2b2a79e823a328b6ed813672

SHA256
b2118e12b65a1df8fdf58da95521b3e15a8c37e2c3380775925872fc51c8ee01

SHA512
c1f4a0df7c06a0785118579157b901090b78e15577cf0a3f9e400a49e7642798aace7e296dddefa74e8769aa28e35e867b3d91c8f22a606939e0cf2f8ddc46d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
197KB

MD5
5e28e72b443ded036a4cf369d0dda3bf

SHA1
0500de4480a54243b12d096745c6ba04c9479e66

SHA256
15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e

SHA512
7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
be438830a1ab21e4f929d969f0979a78

SHA1
37c54a3c3eaf0884a1889046dbdc62feb439a841

SHA256
d5e261916643cfbc567d42695fdb551837e74c5344943cf6b594f909e745925c

SHA512
fe2de6c7b619bdd803009d259179fe77d5f58798c11eea1287b63fdb36dcc26be9c6d8380c343d39ea78c3a33d967feb5f22960fe21f20f3b7070ec050c80a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4855dffc415f7ff1bd4db43c34a9ab01

SHA1
381525b6b826795bca3c850f82638d007489e06a

SHA256
c29cc536ebcb8a3b3ceae7f202169b6d4bb2f9609d7c4eb90a1871647bb90989

SHA512
4f8f42fbaa81815da5c28afa4afbd61aa7ac8d65bb9ff54839d742d8536b44f6fd7a7f289d217785a36c95d6a1014f3bce1f752b5496daa5ca409512c3241428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e30711efc665ab89e234b2c9cce82120

SHA1
d4b2b2858259420fa74703da0470391270841ee3

SHA256
5dec34035c77400c322cf82116c02751515426811225e5c864a73d9e0a47a58f

SHA512
e90bb9c59a6c23155e322531def9c614ecebfbf131babca40626b3391a14cf83924031ab1ea8d36dd3de77fcc0b558a15a2eccf76d19218fe7ba960d8d23aa96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9aae4c4e1cc0c8f215e11c50b4182898

SHA1
f0e36749b9048ba7a9091bbf8cf4f6e23b876815

SHA256
b19e113b411de43a5d3d072aa501866bd9cbf48565144bf0ba16f7a0cce93647

SHA512
e6e6813f86252f5d3d3516bee17ee08069280e0593445e001042e5fc65f65c377d0e17ed8de320b7109f14df0065de0c48bc46eb517e8ec36a410a785a5cf034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
12da9a3e31e7f9a5a89c46ee2449e827

SHA1
4de6b3c6b137e4030bcb9b883cbd2a482818fe63

SHA256
d10c2c56cc864943cdd195803f25a78ca21159f0869bc75f276532e478e491d4

SHA512
4636bcde8f2329bf3fd5ae05bff6cfd0d8dc89a1af589f7640bab365012108018623a02ac7be4a6711eafa55a18304d77061d9b892996d30737e3507e6918e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48de0243bd5e00aeca7eef79a925b95c

SHA1
f6349e6dc57dbc710921c41b17eb9e77c802a6e5

SHA256
9697e93d28c6268628e6631c7cdb9dff0ed5f14dabe1f2e2433b644cfaf14e10

SHA512
4667293712d44b8ef4de436d2ef5471fb82c3e2e53d9fe49d5ac73005f3b449720d2bff88a6a285e239d93036272c3503124889e42f029afa8c960adbe34c9e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
699B

MD5
a13b71771eea87d5b2cbfa577691644a

SHA1
9a95ea188a8b38a0ec36d3900b4db9589e19f8a0

SHA256
b0ea66e7e7a44c13d50062fefd67d8033199fa43ac37951a6989fee0df51a4f2

SHA512
6a27043a2200fafd1bb96862824ca39897fff946b7f48e51d797cd147a95a888171a98369722189fc9b3cec3ef43da1bb0c8cc1b6e63a5c3d7e23e0e34557ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a856364efe9c22191b2a676eed2524ed

SHA1
db7f7d36afb168138fd6766dc516482a7484cd72

SHA256
f440072f17dec39f9a0f014b02b1c9fcb740ddaf3f49ae9bf9acc5d7f62bc3d4

SHA512
a29c59d15a28719aed5ca882a8301293753b73c6a7cbf2b68b9f310580c0e666a9f9f41f4c34e37b9bf07d510bf38f55d4379f6961e686bf79f184217d09c2b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b8f7a12e5497af84b91f27705d1dccea

SHA1
74bf6ba5aa03b21f6d4765099c77e5b90d9f83b4

SHA256
8e64bcc199a7f75c649af140756487ba5eb7f221d4c103e471af28c69cfe9c49

SHA512
c246c8d8fc2e7e70533e4ae0febcfe38cda7ccfd666c9543c84ab189746859514582245438dd274f2700fe1748d89f925f1a8e2dd14e3ecc7fdf6aebe7c5a464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2db1cc407a8f064744b9500c169fec26

SHA1
9219a82ebc2a636502454e91486d0d8da907bcc4

SHA256
87b3d48cb6160b798bc615fa8168ce9c5e645f40255780b9ae30660c49147452

SHA512
adcc66c9bf8d1e1824375cd9c66789d3b92a82d5b8cda79d7a885d18d77e7ac9be248dc15270503cc098711c3d22c0e5f5ddbd6c2b663696888ce7e00f75b444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
0843ec03782a63488331774db2a1754a

SHA1
bed0ca87ffbce1eeacf6dccc0222bd0cde572ac8

SHA256
70dbd9aefeb66f1874906ea5e784bcee26d6aec3116e80aef9fe2d29b771d8cd

SHA512
32aa256c3396c308002a3c68d2c427b15de621d2cde8bc9feea8ab720880f06b7c4890cb5e3798cf907f18fbcdedfe2d3174ed0544ec7b51e120d26c52ea21e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587e34.TMP

Filesize
48B

MD5
20a3f3e94744b8069d21d0e66798efd2

SHA1
83da650917af9ec0b56d19e7e2f4b15348693a3e

SHA256
5ee302b792a4d97016435518a8bb84cfcd801e23e925d8085a14946cae990346

SHA512
680c46a0e292afc79ce131f798bf61169da11502a1042b1442bb06c3c3d9eea2867725cfa62f3c37940a8ed4f8beabf603128e4597363856e79fd8d69219a5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit