93d751506b3639b4e86a04d44731c3651a6dedf15424869903ee681b8266799e

Resubmissions

14-08-2024 10:11

240814-l735ea1eql 3

24-06-2024 03:23

240624-dxjzsazbkl 6

Analysis

max time kernel
1799s
max time network
1794s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
24-06-2024 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RedTiger-Tools-main.zip
Size

17.1MB
MD5

e25b66317db3179ddefb1a71a0c5fa5f
SHA1

d3d0691ebac842cebc47186731ccb713ce893f5b
SHA256

93d751506b3639b4e86a04d44731c3651a6dedf15424869903ee681b8266799e
SHA512

347aa20b0a924137dc5c1c5405635f9be8a2d3c40e40fa36bb200e06e4cef9f2e4b0ef6aaa67581cbb3000f9a0dc4c2915f6ff8d2a67baf654fb1ed1150111fa
SSDEEP

393216:5EwtJhcWzbxveDcu9EEN/vKzV/D0S7yl+CrQpPC:5E6cWzbx2DT9hnvS7yl+xU

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	discord.com
22	discord.com
23	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636730779714122"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-423582142-4191893794-1888535462-1000\{714B5D12-F654-44C5-A09C-9801D603F4CF}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
4716	chrome.exe
4716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: 33	4828	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4828	AUDIODG.EXE
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 3380	3608	chrome.exe	86
PID 3608 wrote to memory of 3380	3608	chrome.exe	86
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 4040	3608	chrome.exe	87
PID 3608 wrote to memory of 2156	3608	chrome.exe	88
PID 3608 wrote to memory of 2156	3608	chrome.exe	88
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89
PID 3608 wrote to memory of 3456	3608	chrome.exe	89

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\RedTiger-Tools-main.zip
1⤵
PID:1128

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff17b2ab58,0x7fff17b2ab68,0x7fff17b2ab78
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4792 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4264 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3308 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4284 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1396,i,9962875165764197843,7646345650541727194,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2084

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
52010dc83b83532c4ae4ad357ffa7216

SHA1
44bbc52c4f1efbc456e73bae340ff7d49ad62ee6

SHA256
19676c12cfbef6e8d288843591d64fec5504ba3724df28ff462a3c3c867a9018

SHA512
5dbbb91fc99e555e5ba22bb9b1a1a3095712034b1ab216b586c85cf5341a88599cb2749af0f002236991f60dc0f31a4ba0dbc9e3d123be02bfc99da2f3062be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
99bef8b57c6edf67815c86421a9a8dd9

SHA1
b11dac9226801ffbb09dfcfce340903bbb67332b

SHA256
76987805680f054d0b4082e8d7aa245503a467eb3b48839f96c77426bd296f7a

SHA512
8a42111970f0ea933b1e6d893de37dda4eea0dba140e81fa4002f308c53cc96f5dc922934d1976f682ab8f93eb81196f7dd513b1c7921cafdf8edc6f16a495ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5ed8a1b6f0b186bc50548c6f4645baeb

SHA1
8751cdd270611fdb361387969d59d0ffd797887d

SHA256
698535a9e64d148459a3e0895e1462dea51db0b7c3987d00b1e5730daade2ea9

SHA512
6196544f3138fb506377e935b815a02bee483b013a20ace932bff60a3db89aeaebda12a6b38683047b92a70b46045900d91c16142de0903dc6e16239bb942b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
9ff436d47b4f69089848414b6d6d667a

SHA1
4319b9d0372733b982b84330c89b1ef2945d0038

SHA256
d449e822b00de3212b6ea63ece0688bd43cf732517ed94299fc902f72e95aeb9

SHA512
d39753da057457630cb432125eb684c8acb8589a6a577fe8718132b0ae474a8c12f7747a8c357a74f49adfc49dd1fd66742e33bd14ad518f38d0023a34cc0271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5142a06339c276bd920b0d7c2b797397

SHA1
444334e82aa66001ad4b6b79e3ddac1e0f9af372

SHA256
bc01b56e05246d3cb97ec4777e9eaca49854fc01ed8d4eb0274447e864a470ee

SHA512
d1567f860c10720c8a46c094a5c9d7a7a488f801102d8ae7cdbaad893b41726b01ad114371cd099ca77630b2d8158c05d554297373ba6c43d0498adbef650bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
106bf445384480d04511f22fa679bba6

SHA1
458582532d525adee3993e42564bb1064b17bfd5

SHA256
e421225013be1df443733037682aefd6786dd051c1c0ac2cdef05b3c877703bf

SHA512
1a0ab544f4a7094776daa436857a39d25a376e793a74685f9ad00c07c348d12cdcb3d573f79aa55e6b269a64d4638d8081a04852db1b60ac4491ccf96904d799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
91b1d5e68724ccec945068c9fc6db46a

SHA1
65c285aa13e2c4cb20034dddbf2537e32db418a9

SHA256
d8d4578fc530fad7ce380d7d486d393c0a0edde0281e8daa2b5756dff7acd994

SHA512
360e6434c04b564e778ace8ff91f3923ab339d6d2c9092b9347d0f7d5373796fb222014126d11a7d27aee04dd7aeaf806b67d603bdbc920c058d4b4eb80f7ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
57aebf1210b9101421bed54152ccfef1

SHA1
73142bd5a3c8f4a9f3b093b52c040d9b56b9a9a1

SHA256
2a0ae7e31feaa7cb240d2dd4883fe3fc6d1e2b43b4a3d806fbcb839ec45b15da

SHA512
6dd1ebd2417eaa621a881f5030034b66aaca55e5ec6a8a0f7ab7087d999a769a22a0523f14705aaefefae60249f05f561416cda76277d90007aa706a495da42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7fe37ff35e0dbedaf784184937362228

SHA1
7636faf24ebada31e95748925ea32f2dac2325e7

SHA256
835007c552b9d07d38ba4c65f5a3f8b432dbf3d138a6d27cfa6c4099e299147c

SHA512
4b516ca7f8398558534d7998d61876f51827f9f9409106ef614c22334d8f0f0eb16c27435752940e971002f0119e8b3e49da72ff521117c4c809656c27e606c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9cd2791e9667446789de3159fafd35a4

SHA1
dcad41a2ef730124c7687bbf05056e0d5698b168

SHA256
f50810b0c5a4064d620c2deef1a4af378b65d6bbb632fc124cbf5df71798c381

SHA512
99f6410d67dea04e1473da4d32a29936f0092ce2e881f7581379d3a7158f55cd1f99feb0afd239324ab48e8dd6afe9390b69bdeadfeeeb4ec7fcd3db233d989d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4159aa3d6719cbaeaa9344c66fcb436c

SHA1
9f306b67d9b979a8514a67185c747a0b38432fa8

SHA256
f686a8f5876d326cdfe91c3bc102068bb260748a682e719c49096ce1c7d45e77

SHA512
9357182da4d65e798c67e765d73d4feeb57ec221fb985a0d39938d197be6799c11d1a5db9f00f03a1c04e01d646fc73b10dfc211a16e712c82942354f45a7ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
57ce1028bb0c6d075119a08d3e1172fc

SHA1
8b14d65f64c5b41666887dbbb71be48e92e043f6

SHA256
0111dc737909dfd98937319f03ad19fbfc4068c6de4c8377432986126ea79dd3

SHA512
e84e87b14a951950a6fef977f847d4f2efa4037874f04e11801fd10b503d999f0b5a5aa0706afdc7d46cb3f98e64536b0e5bec1bd38e0864c18118e646435d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bebcc1c9b96fa4f1756cc749090a61e9

SHA1
7d2a4e41d3b27917652dd3d00464c883031e3df4

SHA256
99139447107e263f28d472c7c374c5609ed2b85702c205b6151c0e034f811f6e

SHA512
d44879b9a4fe493c8d6177ed24a6f4b7d0ac6e5d1a961e4078645dd5e6c131e037c317e3644504565397231854652d8626e17c596a895d3edb1d4ce9718e24ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
cd8615e1eb5f46dad9d8f9facb907ee7

SHA1
782feb85ed7f5f5f496967b54e7d718e08f92592

SHA256
9fd5b5f3783a8718e490a1b0519497a0ee1f4c2b52031ba8d7b30b37359344ce

SHA512
df816b7f4e1609ac363744a0000290b39a3d45e1e8a6a3f245e4f7841e27cde6a27dffcd6b78372fbbc16c8083252414a25cfb96bfbfbdb2da4271a12e41db1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
8e7ad55a26d2626e2e8b34b66f36b476

SHA1
6657cf9d84498f88a0fa21b13060315a058be1bc

SHA256
e0716a685fda1212c4058dc89e1fea2ca29d2db170e7f87dce2ac1cf85b1f6d8

SHA512
0e5e3ecd37af576ceab300e925aa8745641d6b106777f9a7320e70e4ff874553f486d2f81a8748a05fa82c8c0bbb1efc642945ddb19c08fd59c54d43d52e841b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
4dbcbbd580958228690999d312df842b

SHA1
980d26068bb932ad67fe1a3e1201687e7e3f97cf

SHA256
f455cd1b1f735bb727c1f7ce827b0de48a31a4d1d39582b70056291c8b18e944

SHA512
6fe8eb5fa8fe9470dea1aebfd01ffd0d0aca1bc477bce4aa6907d448f6288cdb9cd66ed23d99ba1a779edda6be89c0431543a02bfd4790b707ac9e30a129f23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58396a.TMP

Filesize
82KB

MD5
26d7c2f5b13c1765f454f4d6adec8b95

SHA1
7c50e515c9daba620482374b2b17f29006f8888e

SHA256
db8744b97e86962e2ac9c0464482c6921b10ddd2079d522c21bab25590e6a5a7

SHA512
cf267e33533ee0b7a3fd4ac500de660e8e3d730341880482e99a7f1f5af6693a2d1e841f34a8caa990d89dc37aea106aa9d412708073f74f4dc8bcca7cae6788

Download Submit