58add83e9870a4e3267e7b77d4e4dbcb3d45208d6f51a1e88f6236023e8074e5

Analysis

max time kernel
2699s
max time network
2667s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10/04/2024, 12:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

y.png
Size

44KB
MD5

25182ade597a9d78bcbbfc3938f6cad7
SHA1

db7f343609d146fd77e434fb86523ac758168e14
SHA256

58add83e9870a4e3267e7b77d4e4dbcb3d45208d6f51a1e88f6236023e8074e5
SHA512

2a7bc9cfddbfac7d7f30b29fa9e8f7acdde55e61e854dc4a760503ab03353d14da5d1dd43feeace1319d13053c288986b1cb59e68d848dc6ee08b4cd62afe416
SSDEEP

768:oGk3mGIaKlceH33KwxOHcTT7+LBKCqRq0vpuh+P+P+Q5fuEYn9B8Ul3I0yT8:7kxIvH336O+VRqRq0vMz5WRj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572261666240162"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
484	chrome.exe
484	chrome.exe
2824	chrome.exe
2824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: 33	3676	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3676	AUDIODG.EXE
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe
Token: SeShutdownPrivilege	484	chrome.exe
Token: SeCreatePagefilePrivilege	484	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe
484	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3440	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 484 wrote to memory of 5076	484	chrome.exe	82
PID 484 wrote to memory of 5076	484	chrome.exe	82
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 2616	484	chrome.exe	84
PID 484 wrote to memory of 5040	484	chrome.exe	85
PID 484 wrote to memory of 5040	484	chrome.exe	85
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86
PID 484 wrote to memory of 3068	484	chrome.exe	86

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\y.png
1⤵
PID:4288

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ff9f7ad9758,0x7ff9f7ad9768,0x7ff9f7ad9778
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:2
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3160
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff6f1557688,0x7ff6f1557698,0x7ff6f15576a8
    3⤵
    PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4960 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3444 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3456 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3468 --field-trial-handle=1836,i,9317137785542000078,9017163628999900625,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
5da626cae64e630c8cf47d19920d133c

SHA1
f5f4c980ad76b3ecd43dc95cc8deccf9f9b6116f

SHA256
a8fe4a23557d5f8dc4219bcf06cddd21703063109bb9d413b22670beb91f98c4

SHA512
2d2d5292e4b99a2d6e33d99cf6325accddd03e268000f78bb16559958f9d1ce0ea95bb0c99818aa272664f7d3004f9fb833d890ef1589934203f03c3039b674e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
15b50f46687ef0b64a277bd99fa08f6b

SHA1
5cf2b509043594475f2d73df6bcb61825a879963

SHA256
7df3d77aaa1ee085c02eae21b81c4751a543b378a4ae1465e2fbad58380760c6

SHA512
fe7ebc8d75c2dc3daca9574a0359612400b1f29b6b1d7a66f9a07685822cd58421980c630f6c979d47215722cc45f4a4c7e08a53e74f91b4107eba91288ccac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4ce8844fbff34806bafc957dbb3a8bd5

SHA1
5f5fa073c9e2701b2fa5add5ce4040cea2e88a16

SHA256
8b60455f9f958ecadba970731189cd4984e5d70056dcb230679a6d4e27693ea5

SHA512
5f2ec4daa31cc390e786e30b05e00854752e7a1567c0a1584fc7f6cfd6abbaa8053120701b69b6b22e3469aba4c13df03aae25f6dbd2bb951b1eed5e40d3431d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
666344571d18226cc5e2c6d0187e8558

SHA1
68ac45ea44d912a5d5d17e5113a20fe87c612f69

SHA256
68437f55f42c3bce848ef701ce452dd0dbc2f197e97d1912b7d7ec238fb71806

SHA512
7430bf088ce108b9d2a61c653bb42ca0d84eefa96ba917ea687c09edb3a62c2a4c87d876935d7da6f563855cd1c8a72677155d4a04d2e459da6b604e927deb45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
83f02045ff1b11d12955f55dfde7d9ad

SHA1
c14b43d6acd34e3a00e79587c3326327045ad7f0

SHA256
103f272450dc291e9b1a188c051280bbbcf15cbbe91600d0a0656d685fce9c99

SHA512
ba4d29900b4583d36e854c44b9b102fa0ad6f7752431c893a3846a31ecc715d7bd64d649e95a505d7315947bfef16082225b1193601b3b37a19e7c978513022f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d1a5162f875103eaa547db7a68c2ec98

SHA1
241b718c0c25379147bb965b154c296fba1664f5

SHA256
2a94ae1b40c66333bd05917f49fd2dfa840281182843c9e6c5e77f40115a334e

SHA512
297ede02b54a9908900510fa8390b604787d25d217dabccd78ce8a7ad5efe0c81832d9c49fcd0218915761ec2cf99a4a6d8c8f48ebe23a7cd3e8b68a0804a053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
689ffeeef673ebf1177fc79389500964

SHA1
1521568091dbe96bce789770e233a394bdacd84a

SHA256
daf4f555799ef5c7d00694285dfafcece85a6902f35b08a7dd3d5fdac99170a0

SHA512
f5cdb79e105533b2f8543b1af435ede32e8f110013d7adff38bf36c9896425682b5d6f7b97761b9fa26f458f239a1107e5b675bd0e7410809a18e849ccd1850f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
710ffe52ff1acb7978f0e9c79f158200

SHA1
a331d9c8ca29696bc07a09d46e117bd01a9eb8d8

SHA256
46207c1d87b1f15d84bd826b0e91a0e1482226f923d930fbb3531e2e347630d0

SHA512
abfc097f2e1094713ca69edeadae554f64bdc4d230adf5f193cf91c92c69d14d6a5b8145f2313a9068f70a003bf3e66531961c38dd0eb8db875087a66b8d27c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
2d9ff150531eda0b1eeb519c5448696a

SHA1
b326624311f20156930f521e09bc58b65ee4dd7f

SHA256
6cd41192c440e7840e5086da1a2e119d87803c40e50b542f5627ab3253a35daa

SHA512
b5231a37611f3cfd41b4607cdc8f4c2d7351bdf5a81b4aa7f8564878395ed8ca4cc656d285478f98ee5ac3647b26f7b60c946d2cc7f12d6e036d2aa49259bfe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
405fc71d90ddaa1a11a46a82f45ec8a3

SHA1
145d5254a4838d1a93869d23586b9d13362d0895

SHA256
0ea7613fb69bc81d4d2f515d22ac9b132e0a82c227785d225bb2eee0f147fc9d

SHA512
39803466888e1a00257a17dd9651c3c3b8035dda76f3c86d59a83045be87a210f88538c815d2a0076444eaac6140f9e5d5bd133a6a1150abee9907320e78e8fa

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eebfb84605e05222e3ad98f4b9f62db2

SHA1
36ddd440df5b2776281ad245a6a57e7a183c09a0

SHA256
4a9b70f7113d5c252937ad9bbfa110031124ffe3643648db3f944111b61bd559

SHA512
90e6f46d36c30783af4032f72beb58eb157849a8197e39945542da8a0c1313cb87e91f18a732f5718ec6a676fcd790458419bcc22c608824416fa6df14bf5ba6

Download Submit