hxxps://traffilog[.]com

Resubmissions

24/07/2024, 03:57

240724-ejezcazfqb 5

18/07/2024, 21:39

240718-1hpcaa1blh 5

11/07/2024, 18:25

240711-w2m64sydnp 7

Analysis

max time kernel
389s
max time network
386s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2024, 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://traffilog.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133658123644464741"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2636447293-1148739154-93880854-1000\{2B671B70-C282-49F4-831F-BB1D025F767A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5004	chrome.exe
5004	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 4468	5004	chrome.exe	84
PID 5004 wrote to memory of 4468	5004	chrome.exe	84
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 4944	5004	chrome.exe	85
PID 5004 wrote to memory of 1232	5004	chrome.exe	86
PID 5004 wrote to memory of 1232	5004	chrome.exe	86
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87
PID 5004 wrote to memory of 1616	5004	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://traffilog.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff93aacc40,0x7fff93aacc4c,0x7fff93aacc58
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=276,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3104,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3436,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4716,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4628,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3400,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5100,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5144,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5148,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5336,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5632,i,15184785615291052196,11451576877121729831,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4560

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3dfe55349a50c8741686fb236d562911

SHA1
04361beedee117d9777ba674a402a0158cbcab09

SHA256
d58d27087c63ea4ff71a6c89303abe4e922e3d9704ab008c4a071d4552639e8e

SHA512
f9b18489e5412e50c8c61930bfc3fb3501678f9415a8f2bf91c8995e915256594a821f55d5f4ffd3ed509b2ab43a4f8e317d276ce483a5b9efdeff4552ab67df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
aebe153cd72388ef0fe4cb1d0d2f35ee

SHA1
5e57eac2957312d6c7be7c786959e66d7b5d2823

SHA256
1b9fe396fe88edb510519359db33a0648372a54ed528ff92c98e14f73286386a

SHA512
85fc361fec23dfcc48d941593887b1ca64780db46ef488636f549de9e0e61b8fa78089d0b3a3599ce99cfe86affceb9dc9b9d454ae1d90a57c9555f74d38df57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
12257144fd386b571a7e1e315043a318

SHA1
d47f345cca7e80f8a299788a8059ca58b01831c1

SHA256
4ab64b4a0614cc77d7c279df860727ec66fcfee8585851e6d11524ad8e49f1d2

SHA512
2bc96ea8bc72dc6ade7a05124170f2e6610fb9dad6e43f129082f22d2dd8bd0209f9d63b336af540847044b7c87823ea4f353c47358579488f82761e5ce6c935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3db9f8fd-3cca-49d9-b4de-04b167457aa0.tmp

Filesize
7KB

MD5
ae214cdfdb24a2951c42d228a98e90d6

SHA1
0a6d70acb24a64c0deb76c1ba5e3ad3d55cc2d3f

SHA256
cd967bdd247908c5e6864b9b6960d349705951b8b58b9392817653fb88baac32

SHA512
f5bfc2931bc473cf2d88e9db423cf3e9fd11bbecaba6944838a5a09a38848d20d6c2e8b30f001d7154cc2c36534532df8bd2a4699652273b1f34dc689860f408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
38315c94808193a52210cd22c4e9079b

SHA1
3f61d0d1b7e3ffbf7b43918826ddd056cc1ebd96

SHA256
4066a60a94d7d72a15592521c6e4435bf5ccf42ef1c77d115ad26fcee799c9e3

SHA512
bcf417a701acce7c703b1a5f4267918362f316e75b59d442e4bc47272d5c4424b32d9b8439c3797dd181bb569db5572f88c59f977cb61d3d49cc5998a715f919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
904ed5ce374d7a5646076d06e78beb93

SHA1
68c49645eb1cc7868ec8652b8f938c7cb4e2a879

SHA256
a9f94843ecd343b9fc4c7cd2639b7fcad3fe3f0274e029dc23dd31120495dd65

SHA512
d602d1e52d7a67b822b85dcfcd1516d68eecc94ce26cf91809906eeaf658ff8260d503ee09989febf90783cf6a6298d2965c9578ac5196b85e826c75568d4033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
457294c09b1a7b6ddd2786b0470fef25

SHA1
e7f6e622dccde70675a9003b5470081406f357e5

SHA256
f89986993e3c44c46e24c914efc541e43064a090b9a500a6c17c4229206cdeca

SHA512
62538150f3566a90629ceea6664010f5de460f54e786c7403176ebfbfb5c9dc17b12a3c92e7da9093a43742ed58a626de3a9b226e17a7b382cb3813ed8125b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2300eb3d601158b5f151f04aa04999b0

SHA1
1b7078bcdc6678056b65cc086a1616e7a408ec9a

SHA256
f1a83eb54f15995f8b25d6add37a8ff0818fd65f78048f7665eec072908d58ea

SHA512
f51254bb038d54139dfb80d6b3b8b90152b2d1fd85be89b52388261bf1b49302086da1fef76452c7d41e2b3f6e1345acd866f81d634dfcb63bbd1a5511c359d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0da75d6c1468dc8e84c7937ebac68c73

SHA1
1750583ec495688a6b2164c0a652075293735c25

SHA256
d1be661abcaf1c6099e6ca65a9462d1fa825429592fb64113a01e504015bc3a7

SHA512
925b87e9abcf2a9ba146fe00a71d7ceee76dad870ffa56a94bab3ed64d23748216fdeff2c50875386692dbb46aaacd628926e56763ff6783de21990704748654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
f7b7e336f2ccf5e03e41d6294227bd6b

SHA1
b4368372ecf6f49801825c5b7aa4fe4b1f3cf2ad

SHA256
91a2389b3ac79f611ac6f2366c6f89ed42225088ca3e1da0a1f4942a85f7f9c3

SHA512
a3b68b832f1a8c40e87f806d31f51bad317033c7dea86c010886e324d7095989dcf41b86b6233e614c89281f2d9e7d070e4f0869a5bdb419f23fcea04dccfad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
f99948d8a38ba282a56aef387714405c

SHA1
83c5de12df736b38f508c884691eaf00a6205b30

SHA256
c97d116825b213293073cea5cc2ac7059d20be089716ffc2d34df81280a4e26a

SHA512
0daa006cb2e6d915a6d0c893a1b7c59430814c49c41813d1e56e1b04a5b224f8534d53095b5eee783bda506a682d440d1af1f93f049589efa51d9d446ae38f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
72ae42d6430ddaddf6907b0cb98a70fe

SHA1
da9d703f687451e77288ae974fea1ccf8838f49a

SHA256
40e6e52c114367b70dd00bc4a58897dec445d6d63588b7d8aa716da6790c7849

SHA512
4fc15cb499262c4b18c5ef26757e1e32c5875231a711a566762b011a5c176639ad00f70c096afae97e6c2792175e3e4114932f5c1acec119dd264584e0431aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
7623f0c6e51a22af714964038466a7a4

SHA1
5a6c88b5323e44b07386e643a2ebe79bb6c4068d

SHA256
b38eefdc172813f8e1401108e4437907ca5b070b405573967cf647badef6f02d

SHA512
e7b74fd43b57ca9878b48dc00ce66b3e3124135dbd0c7571ee8770c741c0f4ba7e5f25847274366fadf330980319b6a247cbb16164e18fe8853f7d17d2ede152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
045a4c2c4a14524eac8b86aa2425d831

SHA1
8c4eb1cf0005b76c1587dca2069e8ad0b93fb37a

SHA256
e67f7f6e2a34c12d54c05e84209590d3354bce8208c566e22b4a113b4c99f927

SHA512
2697196e13f34b0ab4f096388fa78706b5649a9a195c79db07de732d678a62019c91f4861b801bb3e866fff84d7c11f56e7529b795e4ea7364b7d84e66bcae40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4510cfe9a52a2f9ecdf55a06bfdabc69

SHA1
7f962e4d6ff54e25e8dd8928be1aa3f5e70e7e4c

SHA256
68649685fda3252592012debbc494613f54e40dd78f587379b53543b967e680c

SHA512
60a9edb0f20b2b6937d371273e216fc0ccd65b543d3339e9e8c19ec13e328d03dbe87ba487ea8294f8fb38ae5a09529898b60911905e57e600017c10272c8202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
81B

MD5
7c520137aa58d6c8c36e3c85cb25855a

SHA1
5f661f3288b099e4253c505ab0c27bc628c7b697

SHA256
13593edba7c0e6dda63fc1883968ffb6898968c6cc3cf971262c4d1caea6310a

SHA512
1a3f258bf1a6faa0c3a1c8f3af1c1c52bf846eee6e884e6ab4500f4349eae8366a76b381091f384265a119d10157d10f52300c2a69d408511657c7e765453dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
145B

MD5
1fb2c0642ac74748c33a2698d8b6333f

SHA1
8b6d0c47327a849ae9291491b48a5e7c6ad823f6

SHA256
259727ae5ca5b45ec448fec0c94d5b534b0d89102f15b919605dc929cd5e418d

SHA512
871b11161921ea3b819392da2a5dcee95f2aa6809822f55b1d54898ee538e4aed832411ce955a32b01d28d1d76ed0a0f6208c9b21f4fb406ce9dab723a25d4c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57aa1b.TMP

Filesize
145B

MD5
567d87ed3d15f88c1fb49b823b847bf2

SHA1
457ec2306b213af7ee4bff8e7dd5bedfe49ae1b9

SHA256
8cd74b5e8e4f7fb5d8518e34aa081ae3d8075841b1c9ba9dc15d80789b0b656a

SHA512
742b9ad35b6e06f4a5165a459444dae1fe1f455a2972652e375dfea989d9b00bf1d520a3b3a48836ad1f5f1f18de65212fe2f4d420c4da0c4ade154585c3710c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
8c7c04285332dec332f3617fe2e91a28

SHA1
bf1aed7824dd8d9def5962b49e34128b4826c9d1

SHA256
8d6e57d31f03c7c9ba9c4f43d35703ea4ecc32b4b639c24b5812f5cb977e0f96

SHA512
1df2028aabb269b1eebb1fa043c8978d2dc6db706b70203f3bea58cadc527323a3c531c6e32fe776c55fcef7adfd7e24d90befa90f79818cbeb78ffa423088c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
236cfe3be66e048b3c8b8a83dcf53536

SHA1
0b96219783288993f109c3d75454d48c70950d41

SHA256
cb42234c8779a961b729136d0438e59a128e20411355397a843646b0b91c264c

SHA512
9e2914257872959f10f475f577109c18c78ec1e2f1432c71ac3bccd7158aeb6acb4b8097db08105ea7efcb43c5aada4063f4be2e1d929afe1ac60e143357101e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
8b5a13c56444b83bf61ea5f22943408e

SHA1
9ed0c1f954da33620c3fe9f89ce2ce523731c3dd

SHA256
c40fa1734af0a7af8e49ba15c1042437ea6dcfbffb37f071e998b1d318382c01

SHA512
771fe25897742a6bcc633efca434d76c57c4ded383d8d98e5913031169d113e1d2ac49783f761706b4c6878883a6f918ca76bed0fc10cc30496014f4a11e30d0

Download Submit