hxxps://jestertunes[.]com/MngwMDljNks5MTVEMks=

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 03:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jestertunes.com/MngwMDljNks5MTVEMks=

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590936818167784"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3472	chrome.exe
3472	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 2188	3472	chrome.exe	84
PID 3472 wrote to memory of 2188	3472	chrome.exe	84
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 2888	3472	chrome.exe	85
PID 3472 wrote to memory of 1908	3472	chrome.exe	86
PID 3472 wrote to memory of 1908	3472	chrome.exe	86
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87
PID 3472 wrote to memory of 752	3472	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://jestertunes.com/MngwMDljNks5MTVEMks=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffda125cc40,0x7ffda125cc4c,0x7ffda125cc58
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4976,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4980,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3156,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4984,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4884,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3324,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5088,i,8724594975333828863,3056527562904616579,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4068

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2096

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eee29bfca9c29d8903bc50a8c0c99e2e

SHA1
117992236886346e544ec51a87294edc6f6746c2

SHA256
f809909b38791c848e0fa43496cb21bb152fd46f9aa57e51322119d203b577fc

SHA512
7622dbead0e745f898cbb479ad9a6c781cff211ed4be3f8275ccb3f079bf8ec7862b65eb264d8593853e04ece134ebc1eed3082aa374f2cd4ea6c7068d25c0e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2c5d3c2a90e836469ef5b9d1602891d3

SHA1
86e3eebbf8a1f84e141b32acc1a5ba1150c185cf

SHA256
a821bb75e11f8074af2b8fc096e970a22c928080b2a1c54d7bc64eafab41f7e7

SHA512
b81abe89d430220b7424b7d19786c4995e11579f4362cd4540d66a7c3f60fd97664b84f91c0c5038e4d4fc9d0a2d0206ca8f1748a60fb5e7aa4273ac04b5c4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5c52e117-6105-4c09-bd14-b18df35d06b5.tmp

Filesize
3KB

MD5
61456ca5bfd2de2fd8243410da97dbfb

SHA1
03f99b7fd165ff12739c6843cbed2dc672b72f1e

SHA256
f1e7532efe7ddfe359ef118328f2d8e8e9e917f1069a4c8108c81d0efc8a5e70

SHA512
61003e23cd344c75a6162d68674fdf41d5d7b1539ca463a375c43025672a2d65d6a57317666a19277f7a3135d5c1ff56ad951c8e37becf3b247d04f57fb4a567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
893bb4b63ad7498bd032b943c541dbb8

SHA1
d92464d54ba55a1444582b048b79f83f8eb25264

SHA256
f5ce2b3fd266b9919cd6e617c7260c71934126aca2634604fc49a3cac1be3681

SHA512
3ac76de6fa628155785baea821075f4565d140f029503ed9f1dfc9a35afbd0ad42e4ef8a5c55723f5c77327f98a79c4188acc4bf09eb199570e6883efd1be56a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
07ad03bbde14c2804022a043fd4c66c5

SHA1
caa54649137376aca4d4fdaac982f9f0ff14ad9b

SHA256
01ba118ac01edb51becf5e9e67724a031dba7daa6786a38f8f2032357176cb39

SHA512
deb9b2f369591bea76f0c18994e4198d37ca98579b660a42fb7be19cb769ef58f3a4192db91a83ee7f06c7ebc7354d9fd23478653d5676dee1fc54e6e875acca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3c42f6e499720096de902734f7d68a31

SHA1
82ea0206831e19dc3cd47a86c419907e2900b999

SHA256
eb04e4aa02350d0b79b504645263c59fd66ed03b4ee0f4be9ce6c519a3a7ae0b

SHA512
9ed159713793f9ad6b014fa95d08bedfeb3d35db8be00f485d4e5364bd8d79a1b01e904348c24d015182d4564e44498c202966ff39213ec19b8888333fd9d6bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
7961c0199882e4fbaea58adaada39fb4

SHA1
de3ed1dbe8c097d9da5c09c99355c60f47b7cf60

SHA256
505c24de9e7c2ae3e4e222ab3b8508bb9223c9fe23d4680ebaf9eeada891563b

SHA512
c2a7fc7804b0c149d008f82a78ce1869120687cad7649dc415673ad5ea7f2bea9256a3b7ae3cd91ed4bbe5f68e943843a63a093946eaf5d0fd9e4d5b45753a6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
f1e8981e2b256c9a6c034162891bdfba

SHA1
31c93f2c9e3c6afc6cd68e20035fcd2c66e596f4

SHA256
e4853341c33afaa76c3b3a97c49a365fe9994815559012eb9c93f7e725edad8a

SHA512
c237b21daa7d84c042929616a8fd872478df695ff9d5a4b4c76ecf85b2fca3ea3f70cdad9504662bfd4cadb6310f467a31b6e91d99539ddfe57948ad3e5ddb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00c994d2f34b7a5207c8e55fc5f94683

SHA1
47f132b7bf10ab864f27ba85aef43691be9c655d

SHA256
565a9f0bf09152590aefdf7c9a74d94bd1b31c8a91ac0393bad1b82867df7e68

SHA512
e2e9a4dc91eaadc068aa65f2a8e1acacabf9ecccc8c489a8b6674be6b7b75bbbb476845676b6b61db154f345a680ba027a2034f73632db294e2b14b030149842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fd6bae273aecb11d48b1bc5ff2580e2d

SHA1
4e4d4050c9c30d38ad58d247b6ed577a17fd79dd

SHA256
b1b936fe3fc1c1475f7390314ae30133726b3bd6e06537ddc22b74ad0141ac67

SHA512
162c06ebef33c02c6e0494c5d15a71099150caef7fee74f1ba852ae0bcb7ddcd4af6a8eb94adf6ce17198b3a0781684c4b7a9764603b3043470802b81da0dae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1d19a224f8be1978b40c9287460b2c17

SHA1
7e0671332c1b052ea6259c5f7eb2211755e20b2d

SHA256
9c8974ec0263b54f67035e8bf0257ab3b27fa2c48516e1609d517a8fecdf617b

SHA512
1d814505e0d25b0f8c87b010ba6dd4cd68a1e07b9b762cd53afa7d6b1fe6db537bfbff142ff294cebdc534392ce96cd4dedb7edf0c52b24b3b9aa38a0350fe29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00cd0663cc173e08af2617843390022a

SHA1
a16079394f04cf0501bf1fda1a1e60297fd59cf1

SHA256
a1fca48ed432e25db9bffe78e4f5408c9ff36db28cede9dc16fb8ac0885a81bb

SHA512
85b122ffd3723a0ee45b52bb8ee31fb3af2265d8eaf83d0e5978b64273602d38f416c9aa08d836b911cc3653bb7c3284d386bec8782cb314f1d47b9292ebde6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cc958983ae9d80d9d38164cd6f0c47ca

SHA1
6304e9fc68566fbce1aef25f0f207858ee4a1699

SHA256
8501a0f89b2d470c4c38b813c431e17b80c86b603ae545b762813ff66f90c00f

SHA512
113284270d1acde46fd78dd14d8cf35504fd76ca6f975547b6c498df8d7eaad15eaa48eb998e1092299a1e7a4f9c1c78a917b727cc984f37bdbc791d74df0134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dff2eb38011b5c0fd51e5c286f6d214c

SHA1
6e62c4dc7277ac5d9051d832a1bf511e52be561c

SHA256
39c6c6a3e7289aa7062818e7545a5c367ab17a56906332db5a61f5e39f026af5

SHA512
fcd3379a1ea99eee9d806f3f36429fbbe256ca46a9077c17818fdd63aece95da990c8419330e320f535aadcbbe7fc7f7576850e2cd152777e102d342c0843977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
17e113606151251347a3ebeea18aa16f

SHA1
640bcabb58e9baffbc782d7b9df295919ce5e7fd

SHA256
fe6ef1d07d99927fd60fd2b64996ba7dd5d3e7e06bc9a66badc3f2842161ef1c

SHA512
5ad5e7b81a6fc11fbfc0da8529abf2da3c5f0b608d628c174226957fc343cb6f13bb2cac14669297c4835c9c60d113bcb9580c9291d2de49de62a8d0bcb1bd4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
62c08a79f9116f63ddedb8b5e053e700

SHA1
b711563f0c46890b6766d0a84e06d76ab06236d1

SHA256
95ee7574bf67ed42ff9f26a469064a055d508fde3c9c2f6835295bc4a5395f26

SHA512
cb28b5ad94fba0fa9a6d5c22b441d6dc1c98776248acd742a545f0389f047c703c4f8e04ec5c0e5a045ac319aba886ee57eeaa033b520685ae3c693fb5c468b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c330204513ba1d0cee5e11ee8e801695

SHA1
5d7c5f0e679663947484f7e6e6ffcb1b56128ab6

SHA256
2a8f5841ce56032df8c46ec7f60ba350c7410872d38c1d394eb20853a536a4d3

SHA512
5dc67da91617e94b91df8bd6ea5b55e69e3244225882ccecef4cf3c6348584c39394c52a815b4b6d637ead7bf6563ff0dca57715dc5f14836d3cbab29e88da23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7f8aece2159fa155957b261db7b1ebf2

SHA1
8a127ce15d5b4f8bf6b52d72d7ef8ef342354188

SHA256
2fbd25129d7b877e83d873d4ad1b73fe603a38749291bb9d64fd78d1097d0fc0

SHA512
c07041d092fb03508b9a419041e02285896c67cfa100a305aac95721528b45eb1ff2321905ac6db847c08cca5b113f13a4378a2d42a2a154059c90e0ce4040e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
44c61d46c8c41ff28d9039ec6a246289

SHA1
21ac4138209497b220819f7c7eef927064ee1e56

SHA256
3bdd44dc06102082717fa30ceeebb3c60e3b14d77e199dc7af82a2929620b2b1

SHA512
8e54879c652ed651b6cf4b34669015fb8bef362707633bbb5978175e0f2bf4b305c0f30279f0b932228830052967b7aad431ebed28570627946c91ba3719569b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
a977a9ca267d2df4e27c6b9562f8d7cd

SHA1
a72f9309f2df139bcec8d541ef130f23edc387d1

SHA256
d5c60b11c02e24dab5218a87659d91f64700b078ba23353c958171eef1e81369

SHA512
eda0f690fa990c412c383a783b664aaba40225c0ef944757a855abb0f06f8da1d3e2b8699405d54a0b8458f06b43d3e4ecb5d4f49a06b6ce5cf8a33d504dcd97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
04eb27ed75db233a8d66e11c335e2b05

SHA1
d6fe4ce9650b7ad9d2a2754d8e0065f1ea5749b3

SHA256
1539ff0140469bf498ce1c97399aafd423a5187ba3d3ba744b1bfdfdf9395f03

SHA512
63832bafd7e0899cbce5b5a7fc299dac85e41d47f86a26d2a5f00de1b78d26faebb403ca82e7923e3991159725a5035f24a9b7d2edbae11e7aa613ab7dc5d4fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
62030825fb690796b04fe83c9773ad9f

SHA1
1d033fdf70580e0a2e4ed7f3ebbb1d97aa9cdbf5

SHA256
96f89169f4f116407d899f7cd20d7b524f8b8fadc94cdea27f698ecd3c4075e8

SHA512
31e4bdaa7c155bf740c6b79d92a6a3491b20822fd20ff7a977f677a636fae93ffc00e4565b57375e37a95dc09b961a679cf749c559b46afb71339f4ae387e465

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit