hxxp://Anydesk[.]com

Analysis

max time kernel
1800s
max time network
1801s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Anydesk.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641317015871627"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
6100	chrome.exe
6100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: 33	4528	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4528	AUDIODG.EXE
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe
Token: SeShutdownPrivilege	2116	chrome.exe
Token: SeCreatePagefilePrivilege	2116	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe
2116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1320	2116	chrome.exe	88
PID 2116 wrote to memory of 1320	2116	chrome.exe	88
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 768	2116	chrome.exe	89
PID 2116 wrote to memory of 2124	2116	chrome.exe	90
PID 2116 wrote to memory of 2124	2116	chrome.exe	90
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91
PID 2116 wrote to memory of 3176	2116	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Anydesk.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xe4,0x100,0x104,0xd8,0x108,0x7ffff5f9ab58,0x7ffff5f9ab68,0x7ffff5f9ab78
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:2
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:1
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3564 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4368 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3212 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4688 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1904,i,3960430923708602510,16185625754532201408,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6100

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3976,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:8
1⤵
PID:424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4144,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:8
1⤵
PID:4228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
03500f9f484c50fb62e714742fa1c18f

SHA1
73964dfdec6daf9b621f80cc7c447f4f212e39ea

SHA256
597c9179903380b452f5bb8ac753c7de6e8f36d4fa66c07ff72702fe9aaeb576

SHA512
013c54246b8d14062b95e9bfc0904b0d87e45dfe172f4fc4f9c7da89ecf18fbdb0b96ac86e7fa4cf830ad03b5d4366e8a285a773e96c26b8c3bd855eccfe6bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6556e8bb53626be1dc665a5930101acf

SHA1
760909482c5576d6d12ece0f5e314f61a059b23b

SHA256
966f6e48691c81069fbf7763eea421b5c3163c83fbc3fb60283ad0f8a3fa2d1b

SHA512
bdfa3eb1c1572de4853aa7f703c93e1ce77dbc4472c693ebe6c20b4e8d998cfe034a8517d84ec38c8c1d79e4a3983bcb0051c25613e862931c6b563986abfaec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ed1ed15f40b635a4382fb765c5afbe7d

SHA1
9b3d978ce0ab616bf6159d0aae2d979d4a315332

SHA256
2c162eb2f7866c135a13fa936d1f05b2d84f611e75ba2d93d5fd8f58b03e4e6b

SHA512
f60ce994ea60d91ceb73002e4e766f72201db2cbf8b1ebafb147be4de499d076af6bc066cecde549d93740db22669e96d3627196b98c9c74dfe8d0520f420ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
94ce5af229e8970620e459dd2a996031

SHA1
91b307608ca13cb22901d98903a6a067d537c376

SHA256
775eb1e1e27767fb99f1311a3880e2f2f1447ae26b73cf043b00cd6cc1263a12

SHA512
d8d376092258ba48d78af311883db53886cc0edf4669afc0e32fee6cbc75fdae40cd634dca598c7176b0aa105cae5720c95f881364636c13f5b656a08c76cf4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3e461219ddcea5a46cea3091ecef351b

SHA1
37ae534614696e5a228399e0e0aee37756c2edac

SHA256
f3fadb9b8154083bbb3002ec46babdec652272ecd543862155e6e41de2e8b1d4

SHA512
d3916a7713b7c2715ffb0404bb4858c654188434043401044aaa29994ddc8601db007e504f5b521633650037d72c09911fd3a2b768a75bdd81d81358f4cf80f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
910729441fdf9942acdf2f45ee83f9fb

SHA1
d1e0b044c615cfcb907147ed7e67ee09a1f45de8

SHA256
72de3944fd5df8fa8dfc6c8279b6c00cd9a45c24c1a83c825c9a2a0d285f0305

SHA512
b108ea065c141053021a4a76ae5cdc0773bf9d4c8a17a74d9c0be33fac43b1885861a0d3d152ee83802fbea13c631515c7edf94740ca7b3e124004f90256f757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f606032544bad03fd74b08461766d977

SHA1
cf816fef9cf8ab86c29fbf77fdd061a6394b6773

SHA256
8cb3d90b95b7ea0dc91f81f3ca888dfee8acdca4448b053119a8d7a009f4026c

SHA512
9508f415575f3f0a179b6f3ca2d24876e31284c36dd3005d482665210bc5fea2f7411e588bbd6898eba286cd5b3c56ec27f17e24a969cf44d93f7215e1cb4322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt

Filesize
105B

MD5
2c41f6433f24f41d162d47aa9c28027d

SHA1
fa803357b503be81b97c063c8332743496f5e90a

SHA256
69c5985b22e8827932c8d638c002a5149fa00cd2dde679eb38bb7ff71ccd8737

SHA512
a07db9e9f862d5d300c0c8467275e3ee401dfd337e57e6ee4ecc8c3aee5d8f51c0c78c434a22b574ee275a2da203677f9a735d80d55e307de2876fab0623adfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ae689a2144e9e24bc49282f4757ca91c0bf7f5f1\index.txt~RFe5859f2.TMP

Filesize
112B

MD5
6f068832e06ee4c95dcf6089791231f3

SHA1
30484bac7e9b74698a9187d61274f289e6fefadb

SHA256
501b84747f95582868842858d9daf82b84083b740c1659d425f1d3468ba48e0b

SHA512
42c0dd9a7ad44a521b35c7a5edf046392d9749dec28df79c07444b39a7482011c37db1d6fe12fd7b25f34f0d1532c3362b9749b0cca60596f4ea30cea58b4c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
39dc8a1c19d84d158cfd1be75c8be281

SHA1
ff982827f997ca12e2f0632f7fb3c67973040611

SHA256
49a4ae90da46401eb3839af5a4612a8a4bde301768c4ef79b4b145b48feee887

SHA512
d1eace8db71bcedc05b1091173055186ee5654481aa9415feca6e2581816298f2523a5fafea9740e315d1f5dd0c05ad9b678c66ae066b3629ee12b066db3e78c

Download Submit