hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]VA6C2[:]79b4ea8c-a655-4b6d-b979-1573521f7e76

Resubmissions

24/04/2024, 18:42

240424-xcswqsfb6t 1

24/04/2024, 18:39

240424-xamxpsfb3w 1

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24/04/2024, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:79b4ea8c-a655-4b6d-b979-1573521f7e76

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584575678693957"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Tax_Document.pdf.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Tax_Document.pdf (1).zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1480	chrome.exe
1480	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe
Token: SeShutdownPrivilege	1252	chrome.exe
Token: SeCreatePagefilePrivilege	1252	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe
1252	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 5884	1252	chrome.exe	79
PID 1252 wrote to memory of 5884	1252	chrome.exe	79
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 3548	1252	chrome.exe	80
PID 1252 wrote to memory of 2440	1252	chrome.exe	81
PID 1252 wrote to memory of 2440	1252	chrome.exe	81
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82
PID 1252 wrote to memory of 2568	1252	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:79b4ea8c-a655-4b6d-b979-1573521f7e76
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8c46fab58,0x7ff8c46fab68,0x7ff8c46fab78
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1452 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:2
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2108 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4824 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4208 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1448 --field-trial-handle=1632,i,17212459343443342059,16844028232363384312,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5924

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5ece11daa3cb4f859e4582117aaf1fa6

SHA1
d2125f1f0ba6754dead0441e933e7e6b39bb1c5e

SHA256
6699bc0d64121f855fea30ad751250a003c88d6e68c459ac1512d4c20929dfa7

SHA512
76ac6271cb2b085dff63bead683f26f38f75879670cc7736bb8e70b8dac94628e7e5acc9e53a1605d6bd08bb3d80e65aacf2180fd1082c5bc382a596270e985b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bb532853ed879afbf0b001720fb23ef6

SHA1
98cd2bb69ee52334337fa6522789ff51a95cbc47

SHA256
8d71646d4c50fce07e42dc6227211708023855f1fb31fca4654584300ac53110

SHA512
00c693074d7cccf6dfd09605444bed71094e2514fd41e092fe1e0d0b54a6173e018ca55da774ffdf0767ddc680fd9f7f55f7fc3368faaec305b3e82298dd811c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
621b56d68a545ef8255f06658d4c4c94

SHA1
950c55e5e37d55558ea38f655564467af04cb6d4

SHA256
af0a1974b231aa57bb79c2d00128e22ac4180caf5832877907f870a3b2a49875

SHA512
aef7c7612d3ac2f759d5b09eb502096ca2b2986013e7d81c609995056848a656c5da62ae3212ffd41c0d2818da2c32173bd43c1af5858fbbd4d4fba7da3c184a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
56989758f3ae9275c3f080c5449d9cb4

SHA1
9c9106801d1c34b4c60096f069058a58c53c1518

SHA256
f36cbf485b3e10247ed36c26b8de0247030ce7b259edc4402570910fd7e46050

SHA512
994bb4bc9ac9b02fab7d1dd71b14580ea5ab65b687ff016f8e8e96b5191b87dac867772d4bd198622ef8e103f31458e22a58f5bcd80ed8f5f8fe62d6922f932e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cd650e7b82ad30105da605112f37bb29

SHA1
d9ec18eb89fb80c43de2ee1aea28d9756bda86b4

SHA256
f06c586afa4a4100f90e4bbb42d913e9ae298b7a5527b31f20f17c10749946c4

SHA512
375440b650324bd3c541fb82b41c5428b59d60531f4047077063bc1f68853496b5beeae2f20e2a74c0b82f45065022187d53fc15916efa02fc35e8f416672878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f3805291c13d1b1b3db8f2ef032c3f48

SHA1
d3fb7b5264c0a7010a4928c2abdda4c6e86ae7a9

SHA256
39b48d720847e4360a647cf337bd3810260d65a783696f02e0ef14fe92aa035c

SHA512
43a6760c893b1df7b2c9f272316aadefb4c1ba76baf28fb192b67eab3100b4ecfa0127dd9b7482e91233d83c4468d5197e73931f325faecd339c06141ca9f05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ead600514bafef04438539f3b153aa1f

SHA1
09da7b37def521443911f092ccdbb7a4a1af77cb

SHA256
3cfb61c13111da200b67dc1c00524b94e41c7836aad20b6f52d34ee23c533cbc

SHA512
0e1185e631b582bcb463b8ca61ed3bf76dafe271ddb4c31ae051652ee0b43d248e68c9b32428782a55b28a3f3317eae958646f872bca74c7514ad32022784be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
97aadfef2bce1d9e90b97458b419663f

SHA1
6d21ff8533ebe1b088c38d0bcdbad309d7e9c8c0

SHA256
3cc2056309d090d421121d004e75e4df176ceaed2ac667c6857bccb30bde0507

SHA512
e4802f64854d8d281b08bdc3673bf8a354458ec9836786e23fb08902bd4c5d1cd84627b22bf054a2cda877829e240b10b9fc36e7e53cd95d40b96b769b4c4b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
855099113e5c5f3204a25ca59460f431

SHA1
16d7f8d4f57c6d50c9e2f5cb90820fea3200a319

SHA256
d01779593d4f1801520954b895ceda8910679b6263e959394eb30bc035e1c096

SHA512
7ca5b857d4589bac6d7941f673eae5ab2a5d3e4f162c998db64ff2c10a5e030a698657840b875a26c9cd24eca6a459427146f3d17164b32ce6ece663408f3c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0e8db29e5f4e187be62ac20bbf2646b3

SHA1
40f5d9d0397d01f7dd217ed5680a8a01813e508f

SHA256
f7bdd1660c3d15b7454c8905bc0649b8eb3e7f4de16ff4e76d1c372555e8c189

SHA512
d7cb10b795e8ad11e83a79cbbf41c20e8f491312ce18f60e9b04729c8bef119df49dc56d7bef18affdafc24d170c690df34bd697b11a43583c215530e66ccca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c90087013c281ca922427e9873cc3f38

SHA1
512d55976e5030e1b82be8113f38ff160c09a55b

SHA256
c500799fd694489f7c173cf3adcd9e282f62a6fc0f67c6fee85c4158d188c888

SHA512
544be39df1a4c75303b3f1ff421e80bb179c34b64c607686cd2628a93fbd5671bebd0a26d2b962fed8ec1f5e3f6676b8f4e2f0d6967a5c471dce851259947fee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
62017391d93586089b826a46c36e7f3b

SHA1
f92eee353f1688dd6a2a22b6e1990cc74be4d1b6

SHA256
34e28bb704b5d7ce59feb51d7dbde19b3ab373d5f814138bbc22e8eed9318019

SHA512
97139e15d35dac2ec2b898093332c5dc4e68c6197bd03766f406c1b0cafbffd4e73428fe150857a860232990010b2bdaabe63b5302cc06212ae4f798a0cc68da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
68660aad105f0508d45877e21a3ac636

SHA1
6f6c87134e64ef498a7b248f73706067af6f6e16

SHA256
ab6cc42d70d07f2dde746e5bfc61d4abd834c86c71d4f66918e60b89129863cd

SHA512
684024f123cefb1d55953148bb0b6acf8d85b058a15049b94034ce503bb426e0f1e3f65d8183f940c4cf9c8dc8251ec71c09e0bb8b531d4ed202fae119346936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\8050392b-5322-46d0-8ea9-b00f97c2fd5d\index-dir\the-real-index

Filesize
72B

MD5
777ad5ea1b2c466fc646da48050c5298

SHA1
ff704b271dfae0b1fffdaa3edd49152da23c620e

SHA256
1af7da822652218d7d77e17e0df538db8cbf149021e2506ab16e93a709d01891

SHA512
218411ba3af4193fcc3c9a3b843e91981b56491344a4aa2654855ee031967a693ec80332210a1df323d8616d5455ec6138a1552d4492c44ecdbf346e4365f1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\8050392b-5322-46d0-8ea9-b00f97c2fd5d\index-dir\the-real-index~RFe57a5a6.TMP

Filesize
48B

MD5
f0e4699973e5da8917d56a95334036e8

SHA1
e2a04f5ec09385175e576d92e01fdc6e153d9788

SHA256
3b744758b8be5c69b563fc8263c5caa1981e66b8768be8ed7ff68c52d5427a64

SHA512
d8a94ee7112560227f67e142f75bc7a34928bcf96dbdb818834285f0f7f4ce24075ad5ab668fd6c2eab31bdb4e68cc246ecbb5527295480853be864e150e3fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt

Filesize
155B

MD5
cc2bee5245f333526076c6d9b2acf9be

SHA1
b682dbbb11e04c4b45a8e5f1e1978566f393f875

SHA256
3e01ea48a36658f527fa673436c0f7730b8eda4497caed96b8223144209615ef

SHA512
c88184b77a6a9b230fec2faa72e035e56334d800620ea60ad2dec21d1520b6b41b4cb49d82820449b9e3c910c620e7f822bcb6678db13936128e6964caa09058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt~RFe57a5d5.TMP

Filesize
161B

MD5
f11a8026d65d609a24284303dc7961e1

SHA1
ace64ec021db2aa10e30c8874114d7ab3abe7e2e

SHA256
896676ee61116df67fd5ca0026d0e769b3aa26fd8f487b1677561f51fa405f3b

SHA512
1c6f016eee21821324c7960d4cf65e2a201225f0cdfd0305f62d86a6ed4b5e6b0952b9272aab09a58f8e7d5724ad74cd516a0821564210054808adce8cb5793c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b0d4677705cf2f1b3bec3b0d852c0847

SHA1
01be5ec33a75d0ad252ff24f54f3af1b76186148

SHA256
7bf4e62ca23f54560f66e642bd8ef6126f9713b80f8bebb36ba8110cc82c5d6d

SHA512
483ead570b4b0a7eacdc11d0fe5bfc15989aa360c520e39fbd58e1bdf484ea01264bf0b53e598f56d34a0867c50d1f0a195713ccfc34cf6cc19146deba07e99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a548.TMP

Filesize
48B

MD5
34b7bb19accd9236ccf098dfab9b0540

SHA1
cd89e9273eef634b108e98292398d1f673855687

SHA256
6e100d31c3a07982e3dfe504091ab2346f0874066a1a91fc1d8da66620c235b4

SHA512
a2820d674f1c454ddf7519b252a1a6e429a28ea025aac10ab09da3954b22aa614af767941b1f306888039ea09249acc4026f5539e1a6c62a5643c1c55f5a79a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
6f82407fd14860f2843f2260c3c5ae48

SHA1
bb5e57407e8a336096c1e69a76b4e238c7a31625

SHA256
6c8925a13d648beca44d96a2fd0d47a2419063ce19e29c8dd4b9aeaf9e620b8f

SHA512
03aca1a461933f4e99d4e351a68ac304e7877818bdf7985ca5d9ade43d9b01f0a0dd699f7484afb89a6813680755ff11e8fcb194115cb591348a5d4fd2e61252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
4317be6f332e9e8aa12a0854b91d1f5f

SHA1
31e37f8cc10dca933134de8eb203b70270f137f5

SHA256
863ea8481871ae87383bebf0c7ef08e5161b2b8a09e8bfa8c443aa1f72ac8b30

SHA512
bb6f3eed4f7a4f23a389fb6771e04b8d95af218ebe75a81129a8b0dc03be3829e7f68f90d586f7bf158164970641a225434b12881b527eef884b55bd54d76e3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5817c9.TMP

Filesize
83KB

MD5
bfe01f0fd52ad51d6034d43a891edc74

SHA1
879ccbab1a0e65c153600733c37351a8e8204030

SHA256
bfae6e8d5d7412f7e131448908a493bfb7625e9447241f718f012267acb80893

SHA512
c87283d0334a8b9a2e3ddb7f93925ead7a1d303e26502930acd55ed87d15c971f4050c773b62154e4020c36d56169427691ca3a0b8709849a5defe19b0f7bdd4

Download Submit
C:\Users\Admin\Downloads\Tax_Document.pdf.zip.crdownload

Filesize
13.9MB

MD5
2dd1a7c3a1e315e310ce0a8af9e57afb

SHA1
38092153924993101933d60a33394260f20468ce

SHA256
06e916ab0dcf4f5f0dd637bffb2db12e22d1a5a9fc511066a42a58a8fc486290

SHA512
1960fb0e9ca539bc0937552b9dfb267a524bdfd1229667bb35c51905202d166a1506ea881a2d83aac16102066b4027744bca402fbe7b6e9cd4f285a5ec602269

Download Submit
C:\Users\Admin\Downloads\Tax_Document.pdf.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit