hxxps://app[.]writesonic[.]com/share/undefined/d39fda15-8db2-4c14-a53a-3ed94b26ade1

Resubmissions

Analysis

max time kernel
300s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.writesonic.com/share/undefined/d39fda15-8db2-4c14-a53a-3ed94b26ade1

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
304	ipapi.co
305	ipapi.co

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609685841879512"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 3292	3448	chrome.exe	82
PID 3448 wrote to memory of 3292	3448	chrome.exe	82
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 4324	3448	chrome.exe	83
PID 3448 wrote to memory of 572	3448	chrome.exe	84
PID 3448 wrote to memory of 572	3448	chrome.exe	84
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85
PID 3448 wrote to memory of 3048	3448	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.writesonic.com/share/undefined/d39fda15-8db2-4c14-a53a-3ed94b26ade1
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5fe9ab58,0x7ffa5fe9ab68,0x7ffa5fe9ab78
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:2
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:8
  2⤵
  PID:572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2408 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4124 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2268 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3156 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3064 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3180 --field-trial-handle=1872,i,11677212809714463366,2442104032298616563,131072 /prefetch:8
  2⤵
  PID:3820

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f0ab3103119800a5e44a13b5520ca1fb

SHA1
5f197216eff08bae8baaf735e12ec7964e105d87

SHA256
5a9ae574a6d753345ef1661a7405ff00ae94df4d06f7b60e705faf494a25898f

SHA512
bb449f5d398f00233a46319c003adb1a1936ba75bbc02e5057606ed0ef6b01f45f796b717554de9990c15d8603e716efe097f39e7c9c5c08263e3fde30b4330a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
255b31925a47a370876d498522e7fdcf

SHA1
d5b9a76fc2750ddb603c4671f378e747626c9d01

SHA256
3c85aa11db94618893645269d0b6de57a51a342b8b99dc67e70d168c78c90439

SHA512
5c31c0b6b0ac3a893cd657fc29f673574244813f96bea6b1dff69b402d6af046a38386408f04aa936be9194ef318a4a7183119fd63739dd2ef019133de1e179e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
10a10515924174a3cd9d4db7f5940cf1

SHA1
1d019a192b115d2458f8226c3cd303dcb5db0d3a

SHA256
c2991555368bde2c80cbdf3f502536ed7c061cb33a31646e5b147ce105d106d0

SHA512
f733b91a003a6885bf2173fca04dd9d745676d4b19c7adbe45361a15b33cf2b9bf445c21666e4daa352824f1c91e9f48a685bf26af87563c08e903814a98524d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d25cd43316f5c3a2a99e196ce10b1ec9

SHA1
933c71549146f46d2395b26311bdb53263d3dbae

SHA256
175accde38aeff80ab91a72ecf4440523f2a0aae8914adea901188a6d4ba002a

SHA512
e7f974556cd2126bb75428e2fdbface27ff79bce5e6d25d58a34516b275a786e83e372cb4e42b82dfc85feac2ba93c8e3109238d9a1fdf859b3ffe6dff6aa07c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b267941ab8209ba25777bb09bd89d6df

SHA1
0c2c90bdae5e213bf217faf619decc56317f9ba9

SHA256
5c63e928dedc5299d20fd6d8298bb5c5dbc780322bc2fa0f66d606a2931b5d10

SHA512
8b9a96a4264d9e95ed46adfbaafb24cf579630d427c88f6146a91b1fc6c1793428862488849c77c2924166239f4a8abe3e6427b686e280ae7e23cac1156f5d6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
01dd065d9e32deea9bb1503a17218498

SHA1
3ef9032da3a70a2e32ab9d72e663fbf2aafc2420

SHA256
b07e797a76bdb18014d3ccb8abd39ffaee16eb5a3e170cc1dcd007a29e5b4ab4

SHA512
b38f4edffbebfd93666a98032e100c72677dde76b360a9ebb3d2ff2c4a3e45e0f48e7010564c8baf10eb519a66fa36033cf9c03dd53791f86d82ef8504f1de8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
94cfe07e877e276d71ddc9faa2722211

SHA1
e68034f4cb1a5479e4ec7110eb1adad044d90c49

SHA256
0417e6ec2a68647074286f0c20220c0d65590f0a020ad68976adcb0b9deb0499

SHA512
e3e29f3e02ec6a965fcd71e974985128fbc04addb7ecd7e2609140c817196715179ac1bc0f6fa7f530fb252ef2940d7041f927c784ef96cdecc8211d6a5de1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1ce506db624524f02dcc91073ec57845

SHA1
f1268b07e4e073faa7a5f19e2d7267604ff00f63

SHA256
223a1bddd7a4f6b64922c66abe257ebf104149c9735102296efbd6737e3632b5

SHA512
4d86608be514b505bd77f7b17190ac426fecd43ffbfb02c9d4989dcd326ac26b9be72bb242ac2cfe47dff212028c2166b185abc00dcc1030ff3e800a84fc15c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
761279d056abdff876b91db894c72632

SHA1
706f7b358d7f48ec4778d508ba1245cc7a6e43d8

SHA256
dd2bd452d9913403969dc6583b38176c2f0c2c4fa13d482338bfd4119d4499ae

SHA512
11b12b50a050235905f227f22c60dfa82d1c147ddcc17819b3915fdb42b877098c40cfbc335f4174a15882979c133324fe32b948c864e159b1bf3f7eb98c57d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf10f5f202c5ef5fa19a6d7967f78f68

SHA1
0ef37bda44aafcb7b1c78914b44a0f96892e1140

SHA256
0d9dfc633d28a50047dad9cbac5f777ee8781e6cdcb12ba2c1fefe0b796aa6f6

SHA512
b9fb0288870aca991c5a7f094c0eef3766e08f4a4163581a6fb40802dc284b0a6d7d5eaea3870722428aaefcae3fb2a63ede1ac7c1d38425fa6f8f3c731391df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
19749709b229f3c90019d15fc9253cc4

SHA1
33176a5aede4ce1a120c8ca8b960ff6a315a0ac2

SHA256
3a192ff3196187c62797831eee1d2ce64fe1e5a271f6511cee54a7e990fec154

SHA512
01ba3f79b1af4167a79508e65ea6ea18e4b0d7d2dec80e9abc893167e213751cc00df6762fb65f89c0a510d6661cfdfeb223f48be7bb8441907c9a6481e7a33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e5e494023a7943225cafb9a24aca5985

SHA1
0ad72b1a6081fcb322e3e6a0bcedaf66b370a468

SHA256
c7f288a775a23b71f44419d865af5ca4581afa5ce38f2bdc4261085c440a896c

SHA512
10806ec4479d2abe6a547965a12527295cd016c093589218691fec607bb3bf968bbef793b5faee4547a7a90878cd2a622f9692990dc1d0e730a8665983596d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
3b8421730507057dfa46d10f4b275e68

SHA1
077ac7269e986b78580d77f96294942b564c1d70

SHA256
45e3aa0011b9bd9e49c40b888ddcc3ae575ff49ad969b47a42b763a24f26ecaa

SHA512
21115d2cc188e85b8d44d5f8696ec0c17fe1c70eb003fa5059d0f93b351cc20ae5c0659ed277cdcd9bd9a251b76a440d92d62b2ece3f2aff534e66e8c09dd908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
4068f7e1764c5ab7b157730688a26c44

SHA1
d6a7e757121d0df996cdd32cf9bbc8b7aaa859f0

SHA256
e3314c924d3631a4f82ed52afae2c5741aa6a80eae792df89fa79d0b1c8db697

SHA512
b0a86ad36cce208b49522ac0f9d5f620f6aa072f383474734606c38ddfc34416bf56147abc7eb0b0727c1af81e273de4f064106fb8f06540e63c5e3f4b964734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5ac9aa.TMP

Filesize
88KB

MD5
4135bed676f68c2bc6c66c463df5f776

SHA1
0ec3d5c77ab89e90d206d964754834beffecf062

SHA256
fe2d1d62272f32693093171d5cab3815820a85f0f0dfda9271f5282df52e2ec8

SHA512
9f030cc26cd5bb6e5e5337fb928e243d6a2d79b316dd5187dc85ada9f1a52f4fca850615273283bd381824bb3a9e89389093c9c946e8b28527e63f5f92bba3c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit