7b4e95e45892d3a384189c925fb026f448489daf97ef75cbf9564a43dd47f8af

Analysis

max time kernel
299s
max time network
300s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
01/05/2024, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Yasd7sy.png
Size

244KB
MD5

f4794ab8a783be42853d8084e4a5504f
SHA1

2bf477408219678a69464eed85dae10763e6ee6a
SHA256

7b4e95e45892d3a384189c925fb026f448489daf97ef75cbf9564a43dd47f8af
SHA512

a6954e765155c83b2953c5ad229d942218cbff5f24d23a7b7acb2963f03e1cc2b12f8548358b613e8a82560eeaa8583bda1a6c2c08208c6fa2d1b326c69e6f1a
SSDEEP

6144:bKWA66JCb1lxjwwp+4VPE5Zij8QAKQ7Loz+uJ3BqHxeHj/h2D8rK:WWA66uDi4y5ZuYOF5BqH8D/h2D8rK

Score

7^/10

Malware Config

Signatures

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	54.203.171.68

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590706268492164"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
3160	chrome.exe
3160	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe
Token: SeShutdownPrivilege	204	chrome.exe
Token: SeCreatePagefilePrivilege	204	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe
204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 204 wrote to memory of 164	204	chrome.exe	77
PID 204 wrote to memory of 164	204	chrome.exe	77
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4696	204	chrome.exe	79
PID 204 wrote to memory of 4528	204	chrome.exe	80
PID 204 wrote to memory of 4528	204	chrome.exe	80
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81
PID 204 wrote to memory of 4428	204	chrome.exe	81

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Yasd7sy.png
1⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff9b7f79758,0x7ff9b7f79768,0x7ff9b7f79778
  2⤵
  PID:164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3984 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5116 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5256 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5024 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2912 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5272 --field-trial-handle=1728,i,3610637815101241933,11553482077162523855,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3160

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
18KB

MD5
c712db452949269848b13d7c643be4b4

SHA1
1401435c189d8322ed3d5d45e588743503e7d7c7

SHA256
a67c4f0f956b09c01b0fe87f9a3ad4de355865cb726f15262d9975a4d2febb95

SHA512
7a92b727fff58ca4e9974ee66278a8730a05d3f54f8cd31408ab111c59c80de743fc95e00710a33a9f3ada79528119b9ead9534227a4bebc3339a116ffd187e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
18KB

MD5
5445fcf1a7821666fd34261af84f291e

SHA1
d7790366600cf1ee5974c9ed4fc0a492bca33aad

SHA256
c1540a28bb9301fb6c70f97357504358683db4312dd2e46b6ec081f847e7e93d

SHA512
006ef78d03406c1758b71e88c2ae7efe0ba8b8a2bebc2c998dca7fc27928c6ca373ec84f7c07e6b36fedcda0d48f661d9b26a65c06c6a99fedc11603e3ae321f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
29ae7e50190a0f1e690a3feb4d6392c9

SHA1
be563f9de46f5b761673b0e30bb2c367e4a35195

SHA256
4078644418fcc2cd2b26437a1cfbfd7a87b9802f75a00186f7bf2341dbd72e4e

SHA512
0d4ae83d9c68cf924a195071e3988b742d8f789d663ddeb038b48726211ad95e5e4f3559e90da2f719ed3fbe5e8f0fdfcea6df734819e553196d5810a6cbe64c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
da29292fb04c3718cf3f4b7159b8d27e

SHA1
0ad617bd601ee4bf86791dbb6b0c6e6e61391166

SHA256
05e65c354ec2312a2ebbb6c3360dcdb6dc1588fa859076aee66f963d37ef9d2a

SHA512
a86aefc8f62dd0f3be0ef46f6900b2e8eecde9a074f7e99588ef80a78a74e38c3afd4237df379cf1f4e940097998f4f78d0967b7a13cf4e58d0b1ec3f9fb80ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
21cdba82d362df9051714b8d5f5472a4

SHA1
5f66307ea21185f166ec7fe161eee039154c2232

SHA256
befefdd6db9a122940ecb0d82de9cde9e4442928a37e79c020b4c0fa9ca8acaf

SHA512
c11e77dd6bda2355e98ad13efa7d7bca344315c200bf31235c56bb261dd7bd47e412484415804e22b6b3187e6150694a5f32eca6bf24814adfb2cd37b0f4549c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d180547b0b71c36b811e9ff50bc54df

SHA1
b1bdd1b6e0bfead41f44d4ece7b2653a41d76daf

SHA256
413c943dc4f8624377d48b36586c005e7fc130db9eca6f080707b0c3a1c228ec

SHA512
0b270868669514e4489beb34d264fbe0fe4597ff8b61c9230e6cdc8927df20cfb4149f3ffdc3e449697609b09150e3ec0495a6b4ff2b03558f3a0fb82958b898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
59553b71b39102def207c0f47a9eea41

SHA1
e1afd602d827057ef2dc29801c36c36a3e3131cc

SHA256
5d1e2fe42b022afe66c64da53167f3b228bbf179bc706315b80d3344cd049de9

SHA512
2b3b4bd4b7832af621e2a27f017df977f667fabf01a3e0802591b4b2a07227169a48b4f8f57e76111449db6818462f7b969d7b3c55860937ab09b18b6291d513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0de35b75f89d4a2b914c597fe2cefaf8

SHA1
5e700e0c0e2e39fb8dcde1f45026551fd1e1db73

SHA256
83b76d42491b68f4a2a22bed9ca62ff731de04308cdd1f3249b5481f1254b66a

SHA512
8bd3f143a79e4dd30c9f41f37d49671de55551a91a1be78b1942177bfaf001fecba4931e587a21d83cda2530c7d479d5bdf07ed86525f8840cec1de63c9c357b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
8a0599bee2d931e78e2e9c59be29defa

SHA1
879019856906214b907d6a913a508131286b8fbd

SHA256
3ba8d4729b90dc42d2b413bebdf411bfbd282c61ee8890fed24b7c04f4afc641

SHA512
ffc2fec2937e7fb1ad054450f0c7c005ee819838ee5418bdc18bd2470f9a096ca6135d0bad427b39841d6b1fc877a4aed738823e646d46ae03aea3dd71537d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
272ac147b210bf31de5483b0f7104010

SHA1
64b4963cf97ec5fa00dd072e019642f08d27b95f

SHA256
c405e6ce3f043866e6ddb6b6849940f58e2f5f3872b1e8eb37f5c12ddfd61730

SHA512
6c5c9020e545d21a93dae97a5f3011683a15838c0c7428b34136965d7d59111907846dd188c7d7e4703e702440072e59e7472b896223264314f5476c109cd186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
982478d17d5027b739e8d46b43a09404

SHA1
b0d080be874345cd2e3b2e30c595433950f95126

SHA256
d342808753ec91d08eaaa540528b9ebda06520d779343b5882a4aa10a57aadf7

SHA512
5810c1efdb5cd3b72c81ef5406a9fc38dbddce5e777c2d9d4cb60ec21d5a615f13b74134c2c452febc6383f4cd12c40470e2738f5dfaf663b3a3bc5d922806cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
367dc9271b491d2317f440c42139fd86

SHA1
551d0330efd15f89c2700cea39069c412be1ef82

SHA256
fc2235b115fd3dd5330f1b820967c00d2e407860c68aa756ba86cffd2e38bf34

SHA512
5a301ea98d0b48a4547b3ba8ae3414a23c0c06ba870ab653d8f2a4068517e6c127c6ee0eac9621d1a6e36ec5b31750e7d099c7267140bd58fe7dce11a5f275bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
65124c5601ed0b8d422a73e4829ef571

SHA1
464d56f8c9a48e0789600fe04148fd0f7ba617b3

SHA256
032f9b9a969b3c77cab80cb9d9d7cdcebd1fb4462b7b6605d410d8176ec99645

SHA512
793c41d933f76861aaa84635c56884670dc197c7f590dd62b7222fbbb05d5d78cb1db9475e0d20d2647bf304a106e37b7c1be4cdfd08cf5540624685325f23b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b6e5a47b012ce21524877b91a99d9427

SHA1
2235b99334ff5568028d76c3bf7169573e356dfe

SHA256
5c299ae0aae1a3823f68e38d0c1ec99f17daf47db98e236fe8da904b1c8fd2b4

SHA512
9b0c6479096797f097c37ffe5afbfd993318b88acd9e0ff3d793119e452bcb2818f231c53a5b253faff6b6a4712224a88841b0321284480e3577bab8398755f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
8e99869b2bbea54a3745aed9191ca8a5

SHA1
d72d6b2ac6e2a49973f458293b2d1d1785105677

SHA256
a0ba458e2240faa4e98f2d3a621b621d9452d004ad3262d8a601f2fcdd6fdf65

SHA512
9a511f2997ce50d9824feda02598096d05589dcd68de8f017fa4e55170d550cb7e55a588c74db5e16534aa901f1163db41c2d523dc8ab8eb8ad494039608fdb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0cc27601610a58ed6fbcf8de01e80fe3

SHA1
8c31853158233de534fa706c5536a402a2a8ca19

SHA256
76a1a5f336d24343796aa6031f7f09fb9f8440429c975069074ff3c52e49d1f8

SHA512
ccd62d3fbc7e57014a240b3434d1eb2da81afa769ba8717fa2d311d69923e8e1fa80f619affdf61a8029514bd172b05cf5337a0bc1aa55efdef917473de93a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587654.TMP

Filesize
48B

MD5
b06d447a850f49035ce383e52c3e5cb4

SHA1
bad245fdbf3bef4b4ffcb4a99c3c6f0d6d8a369a

SHA256
965f926a8adc6c87458beb7ea0098140b83d8d2e48e835f9cb160503c3b24969

SHA512
101204e3ed4f8101d94a059e1c57651055e55712811df6c21eb7ec059279dd5ea5dd8191bb2918cb110832a208055caf93d52f799a9bc4a505ec6cd83dc817a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
e20a5506fd101e4ed0e219be7bbe9675

SHA1
539dc6a790043cf1c49162e129f98d6a743f26df

SHA256
d3419604099a100537f0eef1982946e94560e4670548422807db34d6a0ea68fc

SHA512
0166c50287e61bba23b439979a329d34b2b74254e16c6855d43977fc11e4cea5dcea33f158e4968669545ff17876a2d2d020f66e9d02e34740492701a5f7e21e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit