hxxps://drive[.]google[.]com/file/d/1tvCOxeyzGg9Q8YtMICE9UDiT3z7g8ijH/view

Analysis

max time kernel
1799s
max time network
1727s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
06-07-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1tvCOxeyzGg9Q8YtMICE9UDiT3z7g8ijH/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647789642180888"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
240	chrome.exe
240	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 3700	1364	chrome.exe	77
PID 1364 wrote to memory of 3700	1364	chrome.exe	77
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3892	1364	chrome.exe	78
PID 1364 wrote to memory of 3216	1364	chrome.exe	79
PID 1364 wrote to memory of 3216	1364	chrome.exe	79
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80
PID 1364 wrote to memory of 2508	1364	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1tvCOxeyzGg9Q8YtMICE9UDiT3z7g8ijH/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffecfacab58,0x7ffecfacab68,0x7ffecfacab78
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1836,i,1431184657940023718,10663578037117175339,131072 /prefetch:2
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1836,i,1431184657940023718,10663578037117175339,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1836,i,1431184657940023718,10663578037117175339,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1836,i,1431184657940023718,10663578037117175339,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1836,i,1431184657940023718,10663578037117175339,131072 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3992 --field-trial-handle=1836,i,1431184657940023718,10663578037117175339,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1836,i,1431184657940023718,10663578037117175339,131072 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1836,i,1431184657940023718,10663578037117175339,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 --field-trial-handle=1836,i,1431184657940023718,10663578037117175339,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:240

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
990c4efbf7c25f0c8a8d30c1a98e22a0

SHA1
2f1148e7b0fdc8d342ccf6258539d69fe508b307

SHA256
03e1afe8025c1cb1337cf734c4c220ffb17612c886c87e7d465121ef67918f1a

SHA512
a4e43926703c0f597f2f98de77aa725c97c91f9e68756d1f0f3475348242f3dced97bb71f77819e6984c36809098a696b9e418c76db23116d30be1a574740986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b2d39419d3632abeffd59c79241de587

SHA1
5dbeb249f7c188afa560c7ed3e8861a95465b5a7

SHA256
89acbdc75c351f0d80ffa63972aa29d2fb650f231fdb48d51b761beadef11bb8

SHA512
1d84ad1548c95cfefde63db3b59912fcee70739cf80daf3c1ca83e532465e31e3f2f721fbb68b0a576f78a5560d951045b35d8608ca1b43fd55582b6dac6d7ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b6a68b8e097c7ae4c5a630899471512d

SHA1
a3bf35a59abe2f7489be34376591c9f3df38a7c5

SHA256
296ba9d568dc88c3e55330dbd1e58b9d00bac6760da8de04e968252c9a53d8e9

SHA512
5a50a9cb409c793824ed8d750a106b83337dc685b664d2ee7c387287c68d8cf821384b9c26b33848531516dbe958b969c9e794b9ef1bbebb44b3b2e76adc97f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9a6a7738963250abdb74fc35e6153fd1

SHA1
6712acde1a31b8733d7e323c030913da2b75a6ed

SHA256
212a13d8b89b8c21c965f9934746683140bf9a273f64a43ff26894c742a7874d

SHA512
909ed366d64595e24bc4615d9d63e117a0facbb95356a894eee4f5a5b0e33340865f698f237e0edbff80a195a3573cd482e1dd7354973594d5574ea9d98036c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
dfc4c6dde56fa38fab1a2de8396e779d

SHA1
47106c162204c9f6033a0c79725b7a8d56626807

SHA256
745ebbf9f3325daea5e29d7bdd58ae3c090139dd064a2eb797a4dd3e89686c68

SHA512
590a9ccabc92dfeee1e6d1223a3b894f55f2a94d29eb38c188a076d851cfcca46e98897feba86499b44115ca34aa1634c10f63901586233afc636884c558296e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4c14d590058741c56468a50d74771aa5

SHA1
449c4967f3e79be3c9fdf0d7edf7d829b9d479b2

SHA256
4b48c0bfcca89643219e5d2268a17815823ac65d9ea80be012a69a0e528f7800

SHA512
dcd7e983b3dad011f87caf651b82ca43d86e27ec2a613a989aa3a63dd724bbd95650786178d468f84c71ebe50f673ef5fa11811a3934b6ac9beda6262c1acbe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f68fdc90c52f39f057895f9732a4e243

SHA1
c25e53c395c0d24c99a9da90e6d362c1fd838606

SHA256
6163872bcda0c2d7c53a03dd495301055609f071378cce61d2275725e87f5fd0

SHA512
692ed655f5d58307748bcb7456f8256da9ea0878df32784d424e2010e680ca1926cb655ebd981f54ba4c3906bed375306bf9510432fd6358801edb740a1c1d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2b44e3f14c7d2795643eb36bf395e753

SHA1
d1e511601a710ba3f543a2a3c916a1d0e67395ad

SHA256
f16a188129eb1fe50f28003fa8dab58bd64737aa8ee9e6c6adc57f32163cc020

SHA512
8a4527e6ab7b0c2f1219b2fdf8b37dffc8225f45d388b8921162f7c96ada6f0c9fe63dda1b7af73a65055988eb15d4323436c0846044d7e64cea0dcd3cb6bcb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
05a1cb9cb7184bf2418dd6fa558fb8e6

SHA1
035d3f42668e52ae4b3169bfd73cad43a652af37

SHA256
6ac28361df4579ca9425e76f2ba00f1e7fc8b64552d845e9213d6db2117e16b9

SHA512
08688dc35cbc90817a3a9eb32e8946f9bd241c99faab5a965a970169dd0299a607eae6e257abb616b1dc7e13fa1782e2d3015f40d7786b3b86cea9fa55080be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ec56ec1846d3b9661d4262b049b8658e

SHA1
b6e9c366685f45b5d988c73e217a25093416a082

SHA256
596878516e1412b6727c67f069c19cac39389b0ccec0955f3f5924d69f99b17d

SHA512
a7833d97eb14578d50f1d0c32f270efd409b7808c16b33fc3e9255f7942c0cc1d5075bbe042cf556752fe5fcb61b863d6ebfbfe43f726ce3c3fffd0719d16170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2654b6caf63f4375ab028af1b97bacdb

SHA1
ee99739dbdbe3510eed240e8adbcb74822ce9552

SHA256
aeb288ab87debac0f8959d60af8bb1813195918700ce256a4dab0dc3fa71684a

SHA512
e91cf57bbe7b3301c191a461e1f915d447c32bbbb05d7c4cb3ddd38a7738523e3ac704f63796a1ed7296ae2c7fcbcdb452ff27e7cdd94936bd85f979a1274d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b72429d4785f91a74c52383bc40f1785

SHA1
6acd2c454951942fddbc9c3836de7042b92f09d5

SHA256
b9774821c0633279c331c838531792382657e2bbc7859749ca6bf248ea521bb1

SHA512
1139d58db6cd525ddaf01a2d052caea9025a7d456313f80213a84ff91bb3c3bdc2c28243fa5f47a2150a5cc7c7fbfae2a8cbc4c0f2937ecbe0aab10a1f758f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
60bf8f079b2772e5d8a99508eff78a62

SHA1
94b76a025a4d4354f448bd8d72d76d70ac6328d7

SHA256
ebfca77ab7da13a957a7f97c1bb93281db99bb5bb6ac781063012ecc13b4f007

SHA512
dc1fe3a59940f3ca73074347b51bae4a9ae87760f8e4cf2e2cdf2ef19476360a217fbfff136bb6794d783aaa3172302b291606a1e927922c568fb259b82b8609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7c0928c8bc80b4b98289639c2a71e5fe

SHA1
ce32a148bc309dad6cc989c1a35365faf42b8867

SHA256
be3d635542c87a32167eca3c70d43e66ed9f8b033b0358ce9c1507cb097326a8

SHA512
cf7a0e1467e228aee201d0b22c3da38e49d8269f4b42a99363becd8e292f0362334fc4725e0c585dac8eea8f850daa2c449056cecaf7e205c721899293a25ff1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0ecc115053e0068dfdae98156d05d95c

SHA1
3137c21358334312ed3dce3fd9a9e6abe6cef4e3

SHA256
d97e757f80afa25f89cca099b519eec479746af79f80be044c7a5cefdcf0cafd

SHA512
5bf6a3361b48d683df0ba6d0a7a4f0748962aa02406fe05e1688bc1838d7e7f7621eb421dc7fdb478bc7ba687448aee0cce4fd16922a5905ef66a6213b0c8b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
224444ae46f6e1284ed6f46e5fd9dbfa

SHA1
961c725d9ff185a11528cea63815272b2cbc7cee

SHA256
e71c44421c37f02d44e2d0417805365cd306cb8495457b72ceed7f70ab507965

SHA512
9998adc0e3feac8438df39339c4f63f09258064d4c88cd5ba0005dd421577815d3b8f8ebb75b969d7714728f5b16dd822889b28194031732a573d2d93bba2e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
66accc014a67a0858670aeaedeaf4cfe

SHA1
c1e0c6d5788f4f8c6f37f0c0e2b984eb30fc37fc

SHA256
3c9a9a4861ef8edcad37262b4d64444fa52268724d1f0b7287d52e9db292d451

SHA512
22bfa3a12a55441457829703187b23d760bb43522a54d03de935ecd4b70b68b436e676c6ce0ca0a0ad221ff9d302873de0c97ee752c2af6d1fc1cfcfab25600d

Download Submit