hxxps://drive[.]google[.]com/file/d/1thJ3r_goEZ3BA-wE8sNYbGUhGv6gTnXz/view?usp=g2a_refund_exploit_440439[.]pdf

Analysis

max time kernel
214s
max time network
214s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10-06-2024 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1thJ3r_goEZ3BA-wE8sNYbGUhGv6gTnXz/view?usp=g2a_refund_exploit_440439.pdf

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com
4	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624918596473507"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
1136	chrome.exe
1136	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 4660	4496	chrome.exe	74
PID 4496 wrote to memory of 4660	4496	chrome.exe	74
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 1380	4496	chrome.exe	76
PID 4496 wrote to memory of 4812	4496	chrome.exe	77
PID 4496 wrote to memory of 4812	4496	chrome.exe	77
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78
PID 4496 wrote to memory of 1364	4496	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1thJ3r_goEZ3BA-wE8sNYbGUhGv6gTnXz/view?usp=g2a_refund_exploit_440439.pdf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbdf1a9758,0x7ffbdf1a9768,0x7ffbdf1a9778
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:2
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4624 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2036 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5212 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 --field-trial-handle=1784,i,12049908283493684825,525524231122749238,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2864bbfb-d7bb-4cce-83bd-1ce69df602cf.tmp

Filesize
136KB

MD5
b69badb3264e16fc6a16d3efc71e7e56

SHA1
e9337e9a88e7581bff90e4ed70e17e8a66cd3417

SHA256
76abd075aecddd8a5b523886d7ebfad427ca10a2e21b204a35c0b0ce8c3b1bf3

SHA512
78d30bd1facd931057c2d94d3cd0e24c19838cd4c919255d5a6f3ea89af27ed26765e5850660d7e07a12db4a9295001337c6caa5897ba623bd8bf8522d2c0772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
fb4484cc9925377ede2073ef2fb46fd0

SHA1
e484bdfd85df84c7a8d9c9b89e660f588e3e4177

SHA256
a9f38ef6c7d15a2cb9d7e0a1887961c62befe1ea79028c8d4b7f705833b8e865

SHA512
13e9bf839e7fc1609d5cc4901b9995555a793c82f9a280900cded530335b150f6017552c125b02499812cf7ad188c36c1939d4c5d8680f789135e31c064e7df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fd43ee5e2a7e341dcf550a8e01a91972

SHA1
fe23d0e77336d34c3e7508f060f0246a4df3f4df

SHA256
437aa4a488c42ac3341ecd5eb531f1661790c000762aeb3819e7bf8b4c000544

SHA512
5fe82ac8a1b56ae04e5adaebc4e7685a4d2b07ff5279530fb9ded7610f72b3b17d15e8406507d9f9c522dfba713e08d58e9a5029b4286f7aef57182134c881e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
edcc2ee9b7eaead472413595f9d15af1

SHA1
3b82cb4d80620f590694d24d9d42430812bce03c

SHA256
a678991c266b2a1d5e9b753067ef3403ac16b9324eb5a0093686b8a9b7806568

SHA512
93f168bfd6c38ed8038c69da5104475f54c240b7bbcdd99b54e8baf8303689c5ab419a499394a90c036e41962285cb57621a15a07ad7bfe1c2ef0e87ab6cc361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
34e95c5da1a4f39addf1e8c78ca2ca1f

SHA1
3d9cd66123c1988108cc1e08a878a2248b9c0240

SHA256
92d6e6080e637e24235e9429bb0f43033008e646bca6ab80db504741f673b3ca

SHA512
09130454a1f457e558fa3d878e7be3af926e3cfcfd02a7c56376b372b885275af46d959caa1219af251405757b7fd0f1a4153f430d603c80e6ae51b8f2ae7d2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd3f46820c59e93f424e77c5fdd6dd83

SHA1
77ad9e8090d723458f5ecfdccace451efd693fd6

SHA256
4a72a5b88426cbd905ab7cb0cea3c88a1b4dc93adea8c72a8f1fef319d2f0d3c

SHA512
e7a193a166cc7c424ee81ccf885299b9744f220b4afc00ea94d4aee67799bc584d0996a3c80e34486fdc5ef1d66dff73e86a9e98a174aa2feb3e11ccc5d93488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b36da63b9679a43dc1fd1a8545a25afa

SHA1
007bf717985ef6e620de9df48eb09c62a7f396ba

SHA256
5625cf65abbfb392490a3a022f35455f548c621657176445357cca35b15114ea

SHA512
8e24e9b227e88556b417c04c39f7aad8e60bda5f7b0d24c80cae9532f2eaa6e216dc2e12729254aadc1c584512c0cca0589fd51559d586a8a46e7036a05de75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4a2fcd876d47813928ce3081e2f55dab

SHA1
596680e0da429c2dcdb4e69f8b8dfe1b4afd8c0a

SHA256
6ea7fcfd5e63e30ec030ac29b20b5da44036af78d55356d3d29835d62409a070

SHA512
290c0cffb2d64e807b0c21bf9df70a9202abd6df8e2195c2a306d4f215f76928a30c3e222606699608eb711e52e10f6ff5c55b56665b594cd4952fb50c4f1347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13608a71f0e9551de547eda8d14a0db6

SHA1
a000fc4be7502e796f415e5730e6ca7e0244d882

SHA256
5c682eefe120269a23aca39b1a9bdeb785913f7129805fd7784c7431a3b18924

SHA512
498f1b2c671f5b0143eacc61d05a562eac9f2b73b0b1721710fc2acde4b8a25facde67f36b8a0435122ec5c9afbfbbc074cff2b40e530aae61ec4f3954efecdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44edea365b48296b79b20553c8fa1ecb

SHA1
4acae133e378e46f06f14ce48ad6729c2d32b0de

SHA256
c3dcda9638254f57b4368e9ae981ec9c16ce4d54dc63db99d410f35bc198f80b

SHA512
de55f4f60868abb3aa8fa279a3d967deaa7bcc3c4f162048ea72d1d5ae9191786b91bf6b703c060610f79124de5413c217fb9d4acf65b391107900e3ad96acd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c26e472447b2b7e50ed41b067f1558f

SHA1
e59ad314f9c48de06d9fa18a65c780f4b1736252

SHA256
0ad850333bff3c1e4ebd20d6e378590036a6ad4c83b1ea3e226f40e09b2e2aec

SHA512
06d342a4f851006e9b8ad9d7e8890abf8cc9dd59db284da388de51ac37b7c1b5f08675ff5398ed3d52ca18a81ea0d175734deda1a8029cd6fd2036c9ca82f73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7a61c33ad375ba2f3e1fd815b885aa48

SHA1
08cfe06e3a0be895fe5784567a27e48d8e23a347

SHA256
617763e10a328bb440f4bba8d876f605eb4481c75961c38b72dc854cffb036e0

SHA512
d70da1b6c19db49baf9fec9f63fc592a400f049b3d759d1ab5805a0d08b18b480799d85de135b10571a4f9bb6249575e425f2afff3b4e805142ea632a060fd87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2fcbae3f6512a1078edd74da4ce460b6

SHA1
28ea297b9ba944ea93a998481eecd0ee68f2c730

SHA256
7d91acd4bc09a63402693cbbf5a46cdd965be744c68e474d3f86cf1ea855c16f

SHA512
0e249c55ef5aa4acca6e7858b54a76cf2c61cd49ed979b9bc0b605742794210ded6940acb7fd304801401781d5ff184e661fce67a867851e804351e35d699461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
839404d27c1b5722e269a083aa511496

SHA1
0834b84bb7bbd27d434d48f230c48a7b58ac3af0

SHA256
3ed232cac49a6bdd546d88611381583053622f1f7781eb9c4af0e663c5be8ac0

SHA512
b0d2f214ded7051ed20ec986e41aeda5d32d32683cd181e57adf1f15e9131200e144e8d165e90a56bc91ddd22193c69753499365d2e2d4967cd72bd5afd8591d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit