877078fa114267acf3873a2552a0af56aa79a6f109855494adfd7cc56a23118a

Resubmissions

21-04-2024 22:20

240421-188tlscb54 7

Analysis

max time kernel
209s
max time network
206s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
21-04-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ahl_95.png
Size

176KB
MD5

1410cc507ab031f350102f11a69a03da
SHA1

984bbd8f98bb2f51c7a0eb3af0930a311dce729b
SHA256

877078fa114267acf3873a2552a0af56aa79a6f109855494adfd7cc56a23118a
SHA512

ce94fa1713c37f929fd1d6ca37d45d136468d6ce89f8eff4cd23bd45070c16e1e6a75d618cd13a4a2769ba8b092a0b4153b46f01b3ea6c88a807e63b9768f849
SSDEEP

3072:QAczOLy97BYvu2BkoVtVjhJpwUcCSA+RPld/jXAUeY5YEaPG29dWyhDmCuJM:wMy9NYvXBkoVtVjhJpAlRP/bXAUea4NL

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	54.203.171.68

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582116389587585"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
8	chrome.exe
8	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe
Token: SeShutdownPrivilege	8	chrome.exe
Token: SeCreatePagefilePrivilege	8	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe
8	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 1740	8	chrome.exe	76
PID 8 wrote to memory of 1740	8	chrome.exe	76
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 4640	8	chrome.exe	78
PID 8 wrote to memory of 996	8	chrome.exe	79
PID 8 wrote to memory of 996	8	chrome.exe	79
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80
PID 8 wrote to memory of 2972	8	chrome.exe	80

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ahl_95.png
1⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb1c499758,0x7ffb1c499768,0x7ffb1c499778
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1592 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2040 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3936 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3836 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5752 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5948 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6100 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 --field-trial-handle=1736,i,14268587217173581661,16288901041179211723,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
18KB

MD5
66662aa8e425db63e9d1c05b1fc64321

SHA1
1ceb30cae73a19ea5bc8659d117538250ced4913

SHA256
f53c35af2ba8221c25d41f3b5eea7f01db4a6432c845632f9a03c6fb0fe1ae39

SHA512
2814ae675b07d339cef54d2c3d9edd8be3d9e185c7ea4d3d41f43ba3757d11df0b124354abdd69ed052bb526a3bdc3d8829036ddb6550300b9ac092ea97a225a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
24KB

MD5
c2c98520ab3310f25ddc659bd0626ced

SHA1
f5da2c1ecdc0134bb56c62a1f5b6bf6bf570dd14

SHA256
2c988175a81c5d07d50931f772734b69147c4637a1f981ac62d2e07e4e826d0f

SHA512
48eee34e290e6074eb68156d7d99aa6b26698b6e2bb68e7a67f3b80cf478379d2a316fdcd39b709ff21a7cb89d4961d56c54d812e251e4bcac7fa8006a58fe82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
16KB

MD5
5ff6fbb22de53d506e3afdb3b0f11a32

SHA1
ff0672cc5ce31a79649023a0734bc83461eec45d

SHA256
dcbeb7e6f48b617e6de164734d130c05091e1e84d48e3cd8e6d845ef43422d87

SHA512
8b5d2d8f5ff6aa17ee35db34cc9d7d7f8082eb8f5e24cd26a20094d112c0a8b87e03a826bd26d921e7b19357c10ddc7bf64e4b411951e561e1ffda48b6f500fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
20KB

MD5
15496c38f21775a36e1096fb0d133a49

SHA1
27c7f5e05cc3eeb8c198d705bbbb3919a24e2ba0

SHA256
b1ef7ef064872ab5944f02233058fa6e6a375b915ed5bd78ccfd7ff268a166d0

SHA512
913cd63ead13889f14f9c8580014cf7a1fcaaf10a2004918029bd3a5651fbbff051d6a3dd2dbff18c92badac9b0136d391307d0a861b86d66a6e7c17aa3810b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cd7ae6f156944fca6fd77c0775d64dbf

SHA1
1a4d825eab6e73c1587d87d96634461bde4f1efa

SHA256
1501f8ea988bd4b373a141866da866032c5f1cdd88e24122cc1ad757892488bb

SHA512
422e374238839e02a476f55dd131723aad3466c6e51bd379103fbd09f236c0ee4502b0c757f7293f369f702814acb4112c593a83dada590bb35df183be42a6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
09fa369859d4e50f65f6f7a4d0df8f70

SHA1
dbf5731b79e732e344fb2dad9ca1b2058c9a9c67

SHA256
ff8fad8e78e9f4a0429b26ae317f96ca7808d704a32d1b06a75123a5c30a0621

SHA512
1ce2ea7958f1eb38e4ecdd9b0f8ba2703dce35471615f4e3ccd2bd1ddea16c2de18b2e1157eceb027529fdd722cf2a5a15abfc7f7ade7d8f7b66120e64a8f982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
450719ee039f3377dc0d212844cdba3b

SHA1
4c91837dc56bfbe5d79774e8e1c0a8cb496025fb

SHA256
861dddbd22c78855e1ec5d625970dcae6670e5e1e6d46054fc16140f5300104f

SHA512
995834bd211738933e1ee89f9232847bcfca632d243369533e26919322891f7f2c739a6aa8c6c888e423ee61c5d0c69215053ff71136224b49f855486f3d1a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
418fea52946f15201d984904133d0de2

SHA1
699c7fbb0ce8de55d7dcb3aa4683085da9b88925

SHA256
8f050a2bc56581c00d0032083fc7cd0ed2abd488281b17d97ef65ab29e51bf28

SHA512
2a2f79748c34eeabd4807496e31c1d0b795d6c98c25b00720e45050b7471fe314185b2df3b319596ba1bc3737c15a67f1693a0d9e89f3205dd7a6de0342daf08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4d57a4401688ce3136b1c406d4d60c86

SHA1
aa14a89bdb70411dfd8e6a02715c850943ba2823

SHA256
026f1f086a89e6cc8c1b1782651053f3220a9549753f4163c2a44718a9db0d18

SHA512
8326bd7fcb8f4c770fdd29ddc60492212f6a4280fd36071df74d6ae81a75a315cd08eba787ac7cb6392034dc12e675bf6804ffc7e1cf2d7a2b66aa2901b6297d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29610eb6fc48643e99c9d0e663f12ca7

SHA1
8aaf9736c405e471cdbb93c2631235c8f18900dd

SHA256
7a83481cb770240a2d3b6f6e77f3cf2cf98066cc4d5b693ab850c0f1d37258f4

SHA512
848e0c9f5ea5a256fafb5e7b7a120c7ae7ee241734ab50212f549853d6fd072d03e8d67c8824f041c7dc36a61a1c81204efd2ba021d297aa7dd2ced4afa2f34a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4aa5bebd6b2439183e7b0cf9d5faa3c8

SHA1
2cf59b0a85febada94667039d4076604dc206f32

SHA256
e0fa2c5003452888b560ebf27edc9045c4481fde7b23b2a4c81a23c9646062ff

SHA512
ac81e73a822a27e5e95d848a8d10694a63fe2d962c96372739e4829f3f572ec0afceb529ed9dca3b96d1e1af6135c48655215fb81feb9e10374d398952a7c204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9648af09e6e4809529f739a4c339ae5

SHA1
7877e8c06d49983b9b65b0c28a3a5c7c07340ab1

SHA256
fbbb59d19848294f2ecb20215e0a07d707ffdb0e53b3be7a550dfc91851e7126

SHA512
ec263801275f773d24782ca8c6a5a71fa86c04c1c9d7e86b2cae3cd75afd5b9e2ccb4a7f57ce038f74f8fe8ab0cd2abcdfb95c5d1100f9099cb9a37f900d81e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58c0d877e2c1083047ad7ce594ad51d6

SHA1
176583c9256f788f1b8f67dcbf1ba6639746d2f0

SHA256
f055e157a0ea9975cc35e1483a7f62c76a929aaddd81c3a8ed5a76062ea28d80

SHA512
3c4b2abbf36ef60cfb1dea14091463eeafdd98b95d2e2b8c2680e1ff7576eb37bec3b045a46803ad8132415ada0f849a7d2913f13ac7dfdc24fd3b5868f79a4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d663e171f8c676a8b3ee2264fc9480e6

SHA1
611830643325d58b5b3f8a88350434755a8ea0a9

SHA256
7c014dbedb0b210e47c6ec3dc25d834dff558bec38faa90c9b4b5eddb85791d1

SHA512
24c8e9ace3f326c2b31d5543dee0fa61b767c84b7d0a523591f0b425942a4ef81822f85e56708144bedc183ef54e61151d5fbfae5dff992c937d403364b96766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d18ddd1f20109047251329200c6d5391

SHA1
11fbc0f228d6dd37992ee40a2fb2a0b2b99a8086

SHA256
d618d8e874d6fa6b700ef57e914a1d0f0f35f471f5f5b95cc259ec8461ef5d82

SHA512
a74aecf99055dcda91577391ae27a3784a33bd894f1f80ae1c479e76b20da55a96d751bf90597c1176d250b60bb112e7c03637bcf140d173ff3587422f7441cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3c850e5a15eb441100d672fa17982033

SHA1
40a78a2a442e0b8a335da1e4b1d1494e59f062bf

SHA256
c37d40d1fcf2ba4eebc13ff03bd2132c7f792ba2dc873e3f1e2d10d1a596efe8

SHA512
d2c67656598b8ada374bca68b2347ffd8d557fee92a9c52a246af88692980dc81d4484793924f90e8aef9470a9d2f2605ed68c8ac71e626cdd78950101001954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
b01bbb9183e84004289ec2218451e279

SHA1
13c01fb26b66f49dd331246c619f3d5edc2066df

SHA256
e227efe273b69ab7def0cb38a0c340d2ddd11444793fea4bccc58d7e66645fec

SHA512
0696948e29226920e00ab163e15ec268453128871ca42de8c161a731c83ef5cdad9a6d6876539ef67635453ebd2248144ebf738b02904790088b173b3f02bc06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
826c3a8faa1deb6d1fcdda5e999de28c

SHA1
0718194f07db48f179088b3f2df89aab84f7e138

SHA256
6ce42b1f411a2f55388373863d5120ed3f1e2bb22c2b2622bf1573a69e640269

SHA512
0e06b6788b9199cfcdbb3bf9e6b998d732cada666f360ae2c992bad1153254f16b0a7047494ac5429e46233ec4ead1fb1311f1f7c7be866f7099a1c7b2b7116b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58bc75.TMP

Filesize
48B

MD5
0560b9ffef818130a8d720d4f974feee

SHA1
a7d7e811b7971af97dfeb383d104f923b69fe36d

SHA256
ccde265c9e04b6bdfbcbc5712de360fd8ab079954572c4565e3c04f3078e28f7

SHA512
b05c315c14fe65680636a556faa100f5d7ad9f048e74d00ff7bb48bd5c64ac80820eb8fef5716dde52b92a7148016b75cce4108698e54343311ef8329c4f3c7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
65c43033431d55a1e7e9da88bc9ece1d

SHA1
32972d9356d8becdbec4482849ad0e8a72af2333

SHA256
ae7e5b6ddd7ace6be752bee383ee65def95e1ac42b15b24282d87dfd28019c67

SHA512
d6814e1efda429852800c0ecf563200b15522ce659726bcbd41210a1542d631f0cbab15a6f03b8c454e07a434069282a4e8e7caef95acce2948ec3b87e13ec76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit