hxxps://drive[.]google[.]com/drive/folders/1q5ublvf72jwbQUhkXjR3Eg-yXQCXkL_0?usp=sharing

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1q5ublvf72jwbQUhkXjR3Eg-yXQCXkL_0?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
12	drive.google.com
13	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559808639277913"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{2B1CAE25-5E8B-4106-B950-B16C9675F344}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
5708	chrome.exe
5708	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe
Token: SeShutdownPrivilege	4952	chrome.exe
Token: SeCreatePagefilePrivilege	4952	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe
4952	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 2520	4952	chrome.exe	88
PID 4952 wrote to memory of 2520	4952	chrome.exe	88
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3872	4952	chrome.exe	91
PID 4952 wrote to memory of 3580	4952	chrome.exe	92
PID 4952 wrote to memory of 3580	4952	chrome.exe	92
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93
PID 4952 wrote to memory of 4376	4952	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1q5ublvf72jwbQUhkXjR3Eg-yXQCXkL_0?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82ae9758,0x7ffc82ae9768,0x7ffc82ae9778
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:2
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4808 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4956 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:8
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5420 --field-trial-handle=1808,i,4181422951035948139,4167230855061006917,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5708

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
ab76d1e23feb8b1dcdd0fdfd6ad33f86

SHA1
7f1052239118092022c97bbe2e80c6e1399440f6

SHA256
eaf2401a6ab2d94864a903f4100f2e4271f005fcc404785f91dcce68ac1f7812

SHA512
4d0d4a77be86bb7ffebd07eea3b8b36a67a46cc118fc7eccd5e58d7257d274f72eeca99d67a63073b1b902e16cb5304745039d2345c580042631a08f0e7ff0b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
42c9ca800cd42bbfe83bb670668de9ec

SHA1
b4bb1e461a784fe615c206a89961f723228974a6

SHA256
8ce4d9c1c811ded59dda79ad4fa38be2e3cf92c3e7d8276277b84240d492b206

SHA512
3b5a12b9e8c06609452ff387e084d4d17d4d19783265c2f9edaf25c4ade7cd671e25766f1eb4662041275f90a40f15fc4d4b79464472ac2c673092ef48ef07f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
07baa0bd2f00913faea0977da1e6c5f3

SHA1
0531ae3643b25db942289bc32255ff40b0efd9f3

SHA256
9ebbf55bacb45ad47dcc05cb33d994f4f32d1173571c805e3359559c0e642034

SHA512
0b38490ad861db024f13c61caddc655e7def637753ac5674ee1ffe2fa3c59de6fe5289126c8336891f0f132fe05a23cc3051590de8651d38c14519850f99376b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
37c477771f4d157e1d2b21a142a74c57

SHA1
7be925579f4177b54edaccf7aab5834b0ad0f3db

SHA256
fd90f8950e91717987c1e08741c86629d480d52ec0ce7849132dfe62e6b4d37a

SHA512
6e03a3504e53b4789f35065d5a2b82fff521b6222f4001b627cf4c25b17052d06b3d5063d2612cdb023a67f753a400d6e89dba1a2ccf7854013e7f0ee9ec4212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
1325eb6a990eee17e54520d9195c1260

SHA1
8e82f15cac05ed22a388d75009175c4d55782b87

SHA256
2999f857363d8df4516a77e1316b501cfe2aa4e723cac2827c7fcc5581a1c3b5

SHA512
2202ced0fa1a1a6cc478b9c584ed2a852b1ad777624db6278ad038cc4868797f3b7fd34bdddf176e60af204d5970145f2fa60c4cdde19d4061c9cfd62402873d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
4684077d758b5c080ee1e2b0fc836479

SHA1
02b0a220b6a4ccec3130c6bca6c3197b4c6378e8

SHA256
29be883b7a457b117404164f2ad6a8b5079973fcbf89938c2cca80bc3a2518bd

SHA512
8ccdeda14f3a115295d8a3be542240d1d70073a347519049aa26b8ba909ac5b5541965329c668d3a77af165736f47c55e7af45ad789c164ab225f9f3b3327e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
26c287a0b34cc7873cd94c9293e65e3c

SHA1
5df0851737498f6dbcc0a764574306d8b68bbe7c

SHA256
9f26c2dd615614da0f0d74eb0590fa4deff59aec4c0e20250f95b25ca9e0e5b0

SHA512
78d01571767350b6db723c6545e06323031769d5cf1d94cb19812bda96c59ce7501b3d4b72e53307095f94c1dcf847d7823029e0c8de314f361ba0380585c764

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
69bb1575ef23bfa74c356bcc447900a3

SHA1
5724d77118fa9e2d76866f3cffae68d3cc4fed91

SHA256
360d8af5ca1fd5153f28ecd51356790873c203d5409cb041cd4a92301104ccc2

SHA512
cf6c03d4c425f4b24cfae5070fa15a452e9d4ea6aee3bb4fd78531d6512c13e16a1a850793224fb9152d84d2ee670eaa91dd697c5c2ae451d44ccb40f297b394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
36c21a0f5b623135c43e0bb7f2957a53

SHA1
18b2a8aa3dab8d85201c01736a1a91bfe0c0acda

SHA256
917677e491658973085303d9fd4174cb1ead8c4d3dbb7a177baa3d33a96d9ff3

SHA512
525ef1ca7fe6732dd7eb7c247edf33bf546b1646bfd9fa57a5a0b0a755a4554138af6e52b5e78b624b505f7271a0e0dd0e95a59dd1389a2fc4fabd35759a10bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2016cefd3edad490a53d49771df2408e

SHA1
fa07e211b4e022468c6b6ccb4a9c21415714c6fa

SHA256
ca398e5860d6a3fb593626a003d2a941bf7b27883510ac1c064dcc5c66175eb5

SHA512
f09647c277ce5217cf747c23feb3f67ac1d1b47371928cc773f390a31349205275fa667d6b4bd2ca56a51f62e1c2b5fea6d51ad40a0943d4cb4658b3d524d800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
91b9d45f714a152caad68864b03dc722

SHA1
41d748794eb25512ce03ad4fefdaf4aa77bae953

SHA256
15ee6412c3a208f7120e58ec6441883bd19fe05fd8ab1f29661dba6afb7f0c12

SHA512
735548f1e8872a45658c2854f72241ae74c1ef7f600a12ced5c9435ef288fc1920cea3fd3d3d93de59dfb497ebcb2f3c1097990e5f64b9219eb96d6c8d2ef3ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit