hxxp://bradfordtuckfield[.]com

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bradfordtuckfield.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639930352449384"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{AF62C9D4-8A2E-430D-8123-243BFA8B7ADB}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
648	chrome.exe
648	chrome.exe
1728	chrome.exe
1728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: 33	400	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	400	AUDIODG.EXE
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe
Token: SeShutdownPrivilege	648	chrome.exe
Token: SeCreatePagefilePrivilege	648	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 4888	648	chrome.exe	81
PID 648 wrote to memory of 4888	648	chrome.exe	81
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 2720	648	chrome.exe	82
PID 648 wrote to memory of 4012	648	chrome.exe	83
PID 648 wrote to memory of 4012	648	chrome.exe	83
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84
PID 648 wrote to memory of 2908	648	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://bradfordtuckfield.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd7dfab58,0x7fffd7dfab68,0x7fffd7dfab78
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:2
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4240 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4544 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4660 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4248 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4900 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:8
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4316 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5180 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4244 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 --field-trial-handle=1784,i,11331170199390419055,3184345993005359735,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4192

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x380
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
38ce2883bd86d0b61b467693f3c4e272

SHA1
e06dd413d6165409182676c2700c2536f49fb442

SHA256
3031e8170a19a35747918231c075fdc0fe9659aca217ba5d73c80912ad036f8e

SHA512
8275587c835c62c65da1c74c85fe3470cb903c6b40547b9f60c802b33282c7dc8284a00b0f579f7a14a384174fa44c434c840e98c958a5ea40af946fba2cf928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
ca9b92ca1d2bfbe60a222414f0d06788

SHA1
d4d4fcf252610942b6cf085c19bc61b9afd50c8f

SHA256
41e07e4345f69231d21134663430767dba890b3cabc2221053ab391694796541

SHA512
63566d5f7460cdc80b52f60f85d4a045794d6d739f1f9c1f9acbf7e8e20b5c14e18a35470692e5340cd6363e435510fc1ea23f5a24985c8a66cae34e415c5848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
977f77a9f1078d7a227cf493e71928d0

SHA1
1ce3210312ea990d344c278632e65642979f7d9d

SHA256
ba39651af907fe769674d9f8ebdeb03a2bba5afdd15de5fb2dfcaaff1f79f13c

SHA512
aa08787d2115744b0c9d021666906373d4687b2607b7dd063ab986139f8a23ceb3b6c81180cbe0b3abe7a3647ac51a56d1a8356aec09d0908bcf28718bba63a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
68f7dce50ba4ee9d3a1ac8eacc2c5296

SHA1
27fb24b62220d2dca56e9dd7aea9cebb2888edb5

SHA256
eb0892a68687c4448433bbd2897ebfd0d8b69d9ef5ad9ade00ae836af3d4e02c

SHA512
7687c1a0cd0aee761a9e179949633117e8e10d88c3100c6ca80a20696dd52fbcd0d2073b6524f1ec01d2584331e954d50c82e7b6a2f5b93c15ce9b18c0f40cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
851B

MD5
0f48b741586c656b9ace7aa036444980

SHA1
e17f3fd74b2174b03e5d4b68be67bc13643ceedd

SHA256
257ade0d2d57ba8ef0c01a174f318fc565ce8d668a85000f54cce0a7e0bf1630

SHA512
ae51c12058546c12bb0d537ce3aed54c7b81ac17ced77a7e715372dc342daec53b79cfed638dc26a5aafa7f90f881f83718f26a3260dd864499a1268922631cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a12ae422145e4c60e8ab8defd2bac138

SHA1
2e0017c20264a2ef65e3ac394372f6079b238ef6

SHA256
b911dd0d7da6f74ddacd9b789685424e033c3b2deff0c1d6cfb7592877a36bc4

SHA512
6fa87fe54b356fb0287daf785eb8f3faa9a4b2d429c6c25647f50919d1703871a7c5413b550b29fd279a98090c69692cfa3d11b5bd96cb2e999b8eda7e8d99f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
767f217c95b86be1573848a8897bda8e

SHA1
6e97c86105a10a1569e156adcb63d1f7715efb6f

SHA256
edd2f5ec469033f5635dd4ee509917f301a5ff1ff5d783c3ce9ae51499cd82b3

SHA512
fbc92a5d109978405ce76882fc51287222470965b784ee60fb93223184d9f201a3cfe3f74612c873d94cc68455daf747a681e5d72959816692b0074e807c99da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cc718e7a9c497ca172aa3957548d710b

SHA1
096d357cde04f71638d9eae43473b11f6e228c44

SHA256
1cc104a19143d2d7bcd9d523c6fbbfefac137bf203ce893f649604634022c997

SHA512
a69e17bf555ac1b765db501b3163ccbbb776d0b2c9863e380cec4b4e8ffbcff2191c60edd93924854956b9d30a2b4c69fb4fda091b888ee48aee28c47ffac7f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e940e309b74f028747f1f126ec7f38bf

SHA1
1388bcf7a8cff4782ecf755e97e54765df86e2ab

SHA256
db7c258f9d4f22fa41510a3006956cf9476e650decc678eac76ac553bb6002a3

SHA512
d77c173cf12909181143ad8de887318a30e64f630caaa365ab4821bd55eaa466c05d84af36b5f8e51f7ff6dc807f121446d4208d2ab6e5d6cf2de6c6c45c90ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
088fc786eba5d8d0269829166fd57fd0

SHA1
05ba58b7645a547714801689fe44acaf581aedfc

SHA256
da1eb4f296fd8d9cddbfc49f41dbb441b9a10d1456610c41a449684f8c0d59a8

SHA512
6cf7406e867d3ab6fc77b8eb2e204c529e380e534600477cd5f74470645d4217393705e248fd6dde6d568ae5ae30e0ab1738a60dbcd9041c5071d178011d1abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
028e7f12fe85fcc0acdc2b755d13a895

SHA1
bb95d6870f98ef03f6f7fc77f0b91d7c10f2d602

SHA256
2f80815b683afa03a057d85dbdb5fe465280e8a25acef50a9a818ef243822152

SHA512
6d4eadea7605dfff5fa3aef90f4b4181fd11760326726471d9741480b7bc1905b5e1e7832c7d6ebead5ef12c26c7b478975f7de54cf738184f41df18ef89ff06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
6a4363700c20dc5d134178c788078b6c

SHA1
908e0dac379b4f3c48173f694c9cd89397576227

SHA256
78fbbaff898851ab4786540f4b9ea846838253255929fc46eb227b5ab76ec1d5

SHA512
777cf09b497828ac2a9c87781bdfd5612318e5d05abbe5da9185b024cac4e31390f1316bc2fb2de344a3b963ea6dec066d1a96f0c746c2a20e22ff9ac0f7f3b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578b0a.TMP

Filesize
119B

MD5
8e228d97d4c9b1b0cabd41dc4cafa27c

SHA1
c32e4aff2cbcddf421871b467c8850f3efc4650b

SHA256
5934e3e9fc0b63b9589068fab21f00f9d080ae65a85151ef318b3f1bfceaa07b

SHA512
c7bbcc0328ee18344e4d8298ec18ebe38b2a7c62b0746f37aa5ffee9557da546f9b0c90fa47a18ef7939fcf77e251afcc6112977b1a52274555750b4c62ffecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
af335bff2b861cc78a109134f1d53c8f

SHA1
ff1422263c4e09e3dd3ca2490b4d3c716f4d3e02

SHA256
59b0274e50c64f21260558dd49cb0295cac7685d2da3403e1cbc0c20e728a4db

SHA512
b5eeb09f3ca3978b0eae4cba07661f5c545b7e9d7f31a8b0ce5e9b91350469d53762ad1516433d5dfa98c44639965da88b96e86d9790a55c79b27eb0c6676068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e6c6.TMP

Filesize
48B

MD5
531c3b65110f1f1a731be37e9a1aa81a

SHA1
fff78cdb177cb215ff8568bc7b66f357e573b219

SHA256
6b3dfc499872b30ca050687dd525db4361267ff7746983862f33bc2d1c37047b

SHA512
f0dd7a322d0a1ace14da8ae78d138a82456a7eb72e1fa0f54879fc3d110d47da00d2a668f5c18ded421c2b9486594cdbf15578353c47b4289d92a32088c2c44f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir648_169457837\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir648_169457837\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir648_612853048\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
be744e03d40e10fa0799a6b6280541f0

SHA1
eff45135d97aefc3f52b568292b8f12054cf2610

SHA256
e0949637b96acabe530c22cb797cb57e1263df093a19c6f93b09fd246a75ed38

SHA512
a7edb5c4950ec3dcb29e5de724bf63f2915a3f7df0f70931f2c3df7bb5635358cd3aebef5b75b50d72354de3743f69bf20c9484f13425f7d63728431a52a0207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
206fa25e7e96c21242f037782dfbff02

SHA1
2870fbd5cfdb93296c581ef99f5d76b5afc631d3

SHA256
da8d1fb2cf999d52b071ed3e815162293f049d143a08f55c39c7f3f8c863aeba

SHA512
4bc7e7e723b671b2ba842933fbe001179dd2adf0a1b6c7c3a57bde8c2c063644709cae017d49fb7f2098a67156b5c9a467c4a99755a106811649735890f3e5b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
2c3678fce6970b73b0a7a217cd9aa05c

SHA1
848182b634440bb130e355f18762b364d4a0d7a5

SHA256
5106ddcf93bbbb097627cf7a6a09ced03fa835abe549f841324356a9d8203328

SHA512
b55686044d94b51569a73734d7fca86520f10e3fd810bf902acf74589a2d77c2f70be80367ab30e22a03440d642288c5edad9f00d35ec4ebb841f770540593ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
3f12421daf3902ebd1ed97f7a179aa09

SHA1
b3784f8384fd8218194c50008e20ccf2869bf9ee

SHA256
ae6fb592b53b2f63ed41cca4b24eb83302808bd0d2a35246cc304a5c5009e16f

SHA512
e927ab97954ef42d220c5a0c7c0ed02284cee16569e8fc1565e7b028711939d8724d5b9661fa9faf8d176d863eb87d3c89e66518c53b31d6f0a30d82bdbbe50a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
c5004587421df3d8b54c0197fc6daab5

SHA1
6ad735e2ea0fcb9d1e1f0f6d95a68a10b2d71566

SHA256
45143b4dddab88b4f051ad9396fda6496ca30adac3660365572ccd798aecb701

SHA512
8bf018cfdca2188be74d09f9635db261a16ec1f34f5929b38be2cde26baaa64cd0c723d01f9e721d9cb41f2ecb5239d30d30cdbed92f86d6751c65eee0334119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
b94f5bb7185703c702ca710683122d5a

SHA1
7978aa4d3589849b1d355b73d17ec3c724f62dcc

SHA256
7706f261f693263ddcb35140328ce6d3b9623054874d305d306bce11d2592843

SHA512
8e162e7ff0c1898b6275ae9077bd375b5d712a5cbde4c3af74f4630e8f5f6bc0fb1df946203654310bb0b30c8bf5f9858562a66865f9f232bb7a53d00fc9aafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
c22afe8a544d70a175f2f78863cac5ba

SHA1
237fd4b2a85da10743d00b94a220b6db507b91cb

SHA256
7b6053ebe4de87d70b58ac25932a0b2efd699711e24de574e61075e2052f93f5

SHA512
6dec37c56396a628ba9e1d19b150926050af50a05a7a65176b85ef427637e530210e279b13bf0b888593225a04fff98a9969591cb603d1b170dac94c00030128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e714.TMP

Filesize
88KB

MD5
f96397b4cf70f3130133c501ae54f507

SHA1
2c4f97369ad705ed32dcc9296dc1059e3d040492

SHA256
6b5bc10291e22f1571c72e20d2824f0412587603bfe8caabd81f547149ab9377

SHA512
e04d13b323b21f0e2dcd97d6a50fff2b4496fb7aa1ae95896b82c0b7784805815ac318a72ae884c6cd1446298ee869022fcb1d1beb0921b77f85f605dd6cc486

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
6aee0a971677ee25a7d9c40d25eb408d

SHA1
39a5828c436492a0baf2f0cd8ec01379cdd7acd6

SHA256
2b7e294e2c8c6574ff843bdef4e5b6a244e96584ea5ca50cc23d5cbab052bdbd

SHA512
9e780a4d5768e243e4320a03e87b7bdaa07cd47804c4b7c51d5d1a2f4385c342b68c3e2103733465d165ddd08be2ae8a28ea435be31faba593e99d321316642b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
50cb522a39f9ba6a583cc5eda150b5f6

SHA1
a68dde58712c56696d6193214deedeb82f5db21b

SHA256
617f7ec5a3f318117c5cbc4b193dafa2b03047b36c837e0462cd2042fabde195

SHA512
3121916870809f4a3b58d73322a25221e3448ba71a25473a4d85214bcf7323a7259c8528ca6e6eb8241cabb77a989e5c35e0bbbe24d2b910f9c1bcaba7a37da9

Download Submit