hxxp://* clicnews[.]com

Analysis

max time kernel
113s
max time network
92s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
05/04/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://* clicnews.com

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133567849128623943"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe
Token: SeShutdownPrivilege	2312	chrome.exe
Token: SeCreatePagefilePrivilege	2312	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe
2312	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 4792	2312	chrome.exe	78
PID 2312 wrote to memory of 4792	2312	chrome.exe	78
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 1880	2312	chrome.exe	80
PID 2312 wrote to memory of 2560	2312	chrome.exe	81
PID 2312 wrote to memory of 2560	2312	chrome.exe	81
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82
PID 2312 wrote to memory of 1692	2312	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://* clicnews.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa90f9758,0x7ffaa90f9768,0x7ffaa90f9778
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:2
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3848 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3984 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3916 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2168 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1672 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3780 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4816 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3312 --field-trial-handle=1804,i,254746631178743501,15696034097125392822,131072 /prefetch:1
  2⤵
  PID:5140

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2308

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2220

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:3760

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:5584

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:5740

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:6056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DisableDebug.cmd" "
1⤵
PID:5852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
1⤵
PID:5420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
678B

MD5
98822f34680f168313f7df4136ad69c5

SHA1
116b3b1c82bd256600b2654c3e5851b9d53dc4b4

SHA256
94feed2f16ec59985c905f2dd619b2b61d17296dc5ecb19b819253cadf463827

SHA512
1061743cee62fa123b03120b20dda742c6b1f05f9d74404e9389e19bd9475f223efc7d0fa6f3ae004f4dbf34a1869ad326d4008e37995061089228971e84fcf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
301b94c53f5da07fcd0d762e081642ed

SHA1
a332830897673da9b93f2271b7a4e737c5e09f35

SHA256
14c024c697bf4336e06159561ed90479287c2248f7cf3b92b7725ac837fe4110

SHA512
daf462fb1d479910fd370e811a5d34f83c1d5b2d077185b2916feb2775f28f3a3d0a4ec6ce90fd932e03f2589a17f2c2b7effe00944f7d747d896ab2e1e8bdb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
834ade6e027ae245c71f6d4f1959bd48

SHA1
b63d3472d4654abb2070a261af7fced1098583e3

SHA256
43de863f23114a788f77829d20cea206858e5ada9e4cfe4c53611552ba6c34c9

SHA512
da024bc196e44d81916a4138e4d2e988e6e7c839a541bff02493c00d4f113c6f8ee540d23da6ae270d248f237d2cae974932fe4452590664b5af9f902c4be2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
78e23856e7b174816090c1444a6bb4c7

SHA1
65a37b7cde558e0860dd16f9a09c5e1f0d0bdbab

SHA256
934b04e52df70c401b8ab8a72420d6c750e7adbf26eb4a9c6ae4b42a69fd5778

SHA512
b0aa50162bd55e528cb30b61db01230464520a73c4c2c42b446b05627b681c9eaa61ed00fc717df942330f75cfb909ecbb4a3e2aa243b7a28ffa958b4223af90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
1ff4eb8471a94667b617aa843b0194fd

SHA1
6b91c5090ea73b188e8a0c5267e1bf8f0a68f5ac

SHA256
f126e02d7ba86cbb5e7ec6711a278448904d5a11a2b133d6023c0647ad845c49

SHA512
afef9357409308cb6cd43c0f931b05ece1b6a3726c4be99bb9416054a7674680cd7b7b9b92b9f76379ea9f6f40296b069dd5adce63d4302163ddf5bb6b07b5f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
d69152469dfc8647ca4f6ac7ea4123d2

SHA1
4844979a754657e8236351ff3e7982e8a1a97632

SHA256
03f54ff3d75a6b0cdfd8165069a2d0c36fd65b25dfe75e95a498b3bb506254cb

SHA512
a5650c41f8f2e97fdada99dad27846b443615c0d279aed32bf4992414ec7b7aaacb2c393a4578d85bdf970e6ee733013c9b252c0fa32aca026f66ba950cfc8d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0a87ffd27f7ec6c96e9c9a50a1b2cbef

SHA1
7ccacf81b686d595d3faec0c948622e6a3791eb0

SHA256
f13ec69e6f19cee845e4aacd80a7e04cc8d2d297a82a1ef4753479ba9cecbfd5

SHA512
f4a6150d4a91558410f210a953138176c2230acd42dad958f61aca46cfc1b7f402ae851f77dc157e6a92f0c3518da909f9ad101b32f83cdbeeb427a598a97abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-4-5.102.3760.1.odl

Filesize
706B

MD5
5f22d05aa688719df129fcfafcbac5e3

SHA1
499991d08349395b9846f9efefd531f53f3e14a1

SHA256
76a25167802ad3a9bdefbd73da19b8c0ebc08895e27af2661f0d1b6f16861e66

SHA512
dff0c803087491eb529ec12732da6d05a9a2a08ce35b52d456bd462996a453060dc20e80009bf8262acd0913f2b14beb34149209ef5968096d64f1d7fe0f3956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-4-5.102.5740.1.odl

Filesize
706B

MD5
d85876bec32dd01ad3a7f155d49e8fa0

SHA1
45915aa369b43b6fa75ca2f7107959959b71639f

SHA256
dcc0407b53053d5dea8d867c068b9453b8e4de42abb06f9f391d20e2d7ebd464

SHA512
fb790b6df72d6085751e17cdf3c8ed246072a082a51834902775a03cb1d0823579780aad02b29d43d546185457929efdb82892077478b582b4b9e0e7217ec766

Download Submit