hxxps://drive[.]google[.]com/drive/folders/1JwyboFrS05GeSxj2yjutn-OCPzrUBRsZ?usp=sharing

Analysis

max time kernel
299s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1JwyboFrS05GeSxj2yjutn-OCPzrUBRsZ?usp=sharing

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578088460083564"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3132	chrome.exe
3132	chrome.exe
3952	chrome.exe
3952	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3132	chrome.exe
3132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe
Token: SeShutdownPrivilege	3132	chrome.exe
Token: SeCreatePagefilePrivilege	3132	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe
3132	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3132 wrote to memory of 2116	3132	chrome.exe	80
PID 3132 wrote to memory of 2116	3132	chrome.exe	80
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 2400	3132	chrome.exe	83
PID 3132 wrote to memory of 4728	3132	chrome.exe	84
PID 3132 wrote to memory of 4728	3132	chrome.exe	84
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85
PID 3132 wrote to memory of 4492	3132	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1JwyboFrS05GeSxj2yjutn-OCPzrUBRsZ?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88be5ab58,0x7ff88be5ab68,0x7ff88be5ab78
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1104 --field-trial-handle=1840,i,14698835426619658040,6904915575275649152,131072 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1840,i,14698835426619658040,6904915575275649152,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1840,i,14698835426619658040,6904915575275649152,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1840,i,14698835426619658040,6904915575275649152,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1840,i,14698835426619658040,6904915575275649152,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1840,i,14698835426619658040,6904915575275649152,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1840,i,14698835426619658040,6904915575275649152,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2892 --field-trial-handle=1840,i,14698835426619658040,6904915575275649152,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
27KB

MD5
02dbb8b5695eaa16c15040a1e0d1d9d5

SHA1
0c589d4cf36dc04ecc6899ab27050dc1cda80647

SHA256
20e906ebf4ebed2ae1788e6c5044c18a20363846f15b1c98909985deed9ed749

SHA512
6fde53dac2aa5bd8ff1f4328608b352b3c8c13962efae95e57ebef9a7052456afc50d741de5cc401663c936446594b180acf4460318de05c1192e79861513874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
2c5677c1dec734d94341a521d4577d86

SHA1
cd83edd2dad291b890201e0bcccdce5e0fae9b67

SHA256
4517d32f9d8a4544e7adf2f5c886e115da82d41e21c900ee57415fccc6667c71

SHA512
4d4b8859a4744452c125b709edbc161cd8c81f90c3313b1d4cb3a3efeafe4cb9d0161ef5d8113076ab89d619888e9c54a3f364e2be09f3fa6c6ea7b443e536a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7d23eb489103bf095340dd9959cc2824

SHA1
503d15f590aec458418f18cbc99c0fc3debfff21

SHA256
d7146045d1667b2174f95fc10a5eb523ff9ea68ebff48d8a37d8dc9a1ddf797f

SHA512
33df67556916fcf58e1c8d07ba9405dc437f184e1065723bda29f902ce08c8b191758bdc8b90c5b97ea38e17f5619b3b602061d83b0c416b7bd8a1d3eb205102

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c44cfdcd6e2051ce3a810493966a079e

SHA1
aed56316f38913d7960f87d4eff9ad1c805f0a35

SHA256
23826fed6c6c9a790d9dfe0dea6c6a934ce81b1a2004f11161638bf1c3199635

SHA512
1651c2203ade27d367f71d55b680736e3a542df6e9ffabb824c23bb4a1a737a90a94ed0c5c060c5a44bb6fb881c1153990eee25a198a90646b88772fb1c85c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c8f53fa79305015d75139fe77ac3a7fa

SHA1
7fa008c84f46d7bd4003be88ba5c459675a94393

SHA256
4dfa3684b9afad4c654a8cdd5dd9b2542e48b1b5673bbea2fef80db777dc9f50

SHA512
01c61241e7d23257a61729411b9017972e3d7dc9a9632c6aa6317d777f2668b78164842d289172b9ac7803341b1c9bd80576a9015c3ffeb531216aaf3621294a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0ccdc628e5e2472541e51b63df3c7640

SHA1
79eefe753866ca455c35857c2865dec5654dc0a8

SHA256
8c806287445ac923e1005318cfcb4d47c4602ed1b242aa27f070c661fe22367f

SHA512
d6c5b2ffa8a04e9bbd9942e9d0ef1bc74074803c5e746469a30674ebb129462808aeadbc864f134f8ed49cbb338e2c1ad599d0f597494460710e0c4e051d67db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b54497f7fc7b2ddb9de53bc9107d1b5f

SHA1
d3374254aa53bf4c7b52307809854711e8844f99

SHA256
8f3e07e21c6f19b20f8b57e304d9e6ff4ea8c5b104f45ea6e5182001ad8e9347

SHA512
a6832cc59c77d350347105b29e0136374e357d993d1b3d261b1b7acbbdbbf171a89e3c821bf2d44e7988019fedcf855703f047b58e30475537278e05eda87f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
97b6943bdd17455cc711dc72159583a3

SHA1
f7a5c3cdc16ca782c3ca4777468b2399424feda1

SHA256
a3ff477ce4c614c492c58c6c37978ea928808fc5fd5a4487418b4cfa63caf425

SHA512
0fe8b9142c3e0832a870bd6bd1ce1f5a2e247204201956b34a535be5ac26e7e0771f15c435387eb0231e24e8282bb81d5458adb0f53367a481229d152a517fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6cdde605b539f0b2170b18cc39d2c522

SHA1
2f302284ae4c21150dfd1255225410f739a62b89

SHA256
cb043d95416cd3305f486ceddf07d2891bcbfc002856c74fce93e478323a6894

SHA512
8c38b4b906c4e1293f1403f51006a60a0c7f1369a7158061157988acbd2c6453f7dce5a9fa99affdbb2726a3675804e388f85175341265bd327d44694c70e63a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c770feb3f507d4063f48dd2963c31bb

SHA1
313935e92cd587a763d1d10e402b1450426a0c16

SHA256
5447ffcf5c6b1dcdcf8807eecad011ff050887a57a91dd2513621ddcfe708aed

SHA512
17e660f0b8c71555562a81d41d79c2106e527c7c07683c9c52b00aaa798b07973dbe31656c819c81ab4c4815741c4aaeabcfb9a0d1f2a8e02c583a74836303ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f30b7cd2ebe7f0c239f7ede276abcacd

SHA1
cc73b1c0bafe647e9c51c93e23ced2e8b8ba01d5

SHA256
e8e489d894cf46725a297dd8f752260c543f0072c3f3c9218d03a495452638f6

SHA512
5f39bc0057d9cff0b6cdc8e2038aff7e3549891186ebaab996230ef46211e0e630f7cf8561834cf9d718446f22cf4d058f0bfe1c64899a7989e3fa7c9a35f0e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c20101b8adbd53e842e2ecf5e0832e19

SHA1
dc4d1528deea61845a5678d7f441dd030cb03f38

SHA256
1d77eb9b29d542d747499fb7678f916ec9cfd9aff4ea89d50e0b389c04882812

SHA512
0269bdc4bb3b47532f636bcc821b4fec69394758507859335bd9efbab86dc127ec3309603bd4dc71d9cea783b0df5dc1d9bd3ca2e031f936eae41b9e6eb64142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
867d521b97dc0362eb2653e08da5c305

SHA1
497b5601fd069d511d89a56dd83daa87ad96b78c

SHA256
beedf537c3e4863c58763df97b529018086fe7257b9c9356556052cee09c5a7c

SHA512
053dab2a726d797a1031a4b29f660096b5a7d8f7242703ace5d470d00cfbd33fa22d67c3c425fbcb35f1feae933e084ffe752e995ea80d5da6bf4efa76faa05c

Download Submit