hxxps://traffilog[.]com

Resubmissions

24-07-2024 03:57

240724-ejezcazfqb 5

18-07-2024 21:39

240718-1hpcaa1blh 5

11-07-2024 18:25

240711-w2m64sydnp 7

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2024 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://traffilog.com

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662670862467755"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-384068567-2943195810-3631207890-1000\{F60B58B6-C46D-4421-BA50-9B72D949A997}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe
848	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeCreatePagefilePrivilege	2768	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 3308	2768	chrome.exe	84
PID 2768 wrote to memory of 3308	2768	chrome.exe	84
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 3864	2768	chrome.exe	85
PID 2768 wrote to memory of 4308	2768	chrome.exe	86
PID 2768 wrote to memory of 4308	2768	chrome.exe	86
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87
PID 2768 wrote to memory of 2436	2768	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://traffilog.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffe5d49cc40,0x7ffe5d49cc4c,0x7ffe5d49cc58
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3444,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4808,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4612,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4444,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4512,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5088,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5152,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4652,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5728,i,9826886446128286662,14570731918247713918,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=984 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:848

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dd9fe755d0418a26af6abb173d8a9ed2

SHA1
33381bb4741f1b3d609f4da5e2f200a0727c824e

SHA256
91576fb10dbd4ce67d336f37c39ea2f24b951e137fad828f7abf1fe8b7ccb258

SHA512
0ccfdc54e61d468d18c7a77a0763d903727244c87b6e677b52c8e2b94851c62884a2ae1da87d097767b221bf086d4106a7e432a37049eaf8fad861f66b7e80b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
05e1e6ec9eba2006842b32b2929f4348

SHA1
af9f8b24efe742ab6ddd2eaa45b32988117e7cbe

SHA256
796ab69044f4a37060cf2df272d56d624ada21224ee7179e234f358cd9fe0a34

SHA512
e6c7ee3ad82bb52a8a05d08ec0507fa72cd6e8c082685f656808ceec07bd2e815679bd59fe77ce3c001f1101d535749cc152177d54dacd5c0a3caeb707d91113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
88435efff7f5e58a763abf5756aa1605

SHA1
af357acb1b8bf311793d1ddf10e7fcc683e47e93

SHA256
228816cb61e83a5a093f69bb721b75dd5669494b09e8048cc12bad401e3ad756

SHA512
e328ef9f46b91d97b2dbe047dd74cb00c44595a5a4b4410c19920b468d6d6f3f632f37b5c167cff5ee098abad1fe7692fef69f53641c759560f2dbe3d8275225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
97a39bc6ee2f4efa9d879ca94315dbc0

SHA1
1b387ead75595362f2fd3f97584fb2f026ad93de

SHA256
32b13e27b7ad797a13544f8c4998732599268190539c2f8d6a2d991f716d07f2

SHA512
bb20309faf649aa93615f17234b5d6c185b5ea6c964eccf35ffa7a670d71949bb44748efff8f6e18dd48e12f5260dc874010dab4f192d926e771c51dd082e83a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a946acfaf301f5c6a6547e658996dfe

SHA1
7c3af3e6c527f3725873361014fb8bc7ead1adcf

SHA256
90c0f630de9796451042217e61921d8593823a6cc3d11c89fec3ec2718197ad3

SHA512
0a559cec0a4bd732bfb836156109be957f0e6d12e0e1d3935a92b00ea1e9e517a19f96711678cb3f9bf7618666b90c8418e929b536721bf7a1904a328fb3c351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
bd7f3890103f1e7c48d078303bc20157

SHA1
caa258eeeac678f9dae200af184e834f208358a6

SHA256
fe5783ec1cff98d4318dd773a12c01e0297051bd5263467d44a8980ccf06a811

SHA512
2a35e2803e3d3be6c1144d6bcd9951585af5b7c0501f02f343134e4bb1113c33ca00cc56f97923ce9ffdf4e145631cfc1683dcc2ea37003bd2c2eaaddc0bee9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c40344cef1a4128d0c6eb865d14e8e2e

SHA1
22ccdef1b44f572bdcb2078c27f3363cca4f4a0c

SHA256
9a0a5720c948af6875a2c29865f51a72022b9a1358310644dc1bfbc71f4bb479

SHA512
c6b95408b1d2911ed623931351817a1df6c9dc89440a5c4857b3bef0d4898808dcdaeec9fa30e05f89d736c5dc7c201fbf700723e37a90fe63f21f95dc691335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
0e36352142eb5d60cd073901eb49b321

SHA1
b796a68e4b4d8ca0f98372ddc19cfe91e7edede9

SHA256
7b97050c69e7b87dafdb9020738fe33f66899101dc3d112fa3c51b1c7ce47ef7

SHA512
e7b43a38d8f5b273b2e44fb7c5bedef28e8cef62036a99182073099c31fdcd91d42967b6aab6f34de6aeca1aefa251f48e8baed53d1c4ce7c02b69d116fcb475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
73afb872150e85080c9cf47866747153

SHA1
3a46ea23a6ed36a164d2973dddc6195e46530699

SHA256
a5a31e206cd0f5f2900ec75628de2a3826b2fce516a00c3fbbcba6eee1a2b4b0

SHA512
1d515347588e3c1885c9dee5c9eeb4e887a81e5f35c8d069d2fdc8c9eb439eaa184df9a29493f1bf839de590b147251fd90853fe791c4c100384e6dca7a51a5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
81B

MD5
7c520137aa58d6c8c36e3c85cb25855a

SHA1
5f661f3288b099e4253c505ab0c27bc628c7b697

SHA256
13593edba7c0e6dda63fc1883968ffb6898968c6cc3cf971262c4d1caea6310a

SHA512
1a3f258bf1a6faa0c3a1c8f3af1c1c52bf846eee6e884e6ab4500f4349eae8366a76b381091f384265a119d10157d10f52300c2a69d408511657c7e765453dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe579441.TMP

Filesize
145B

MD5
716b92c2dcecc3d539f156b636142dcb

SHA1
6b0159335d0339974b60edcc8eddb529238bd57f

SHA256
db4396924e5f73ea1fb5c90fe11d56d307d55dbc4703741bf3becfca56bcf2f8

SHA512
23a1b3e0533ea0e20e8fa05295ac480934ecac6a73c9112d4d5f796b57e40237f08789d60b49c7c18243dcdd8b85868297285fdea283514ab39e0e6985188b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
1c8eb8c297e70726ea858404a9a817d5

SHA1
e880596ee526aba234ac3a5ec153b22d2ac09dcd

SHA256
794b02a8ae3229893cc13776e1c9a0ccc275fbcdf76bbcc926e978c78c6c900c

SHA512
de4805864c1f09b7bbcf2e5a7f7249a4356f722b93acdb7cc3a2d36ef7cac470b54714ea1379f820638089864c18283233fdb6140d51f7a5f01a566b5fff3ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
cc83f95c91a3ff55ec3a881e74f59442

SHA1
e1d3e2a91e25d104dfbce73317f8180e8307214d

SHA256
cc0fc0bb25014bdf8d7f9adc72ed9ebeb396ea52535737fe340cc6cb16eac99c

SHA512
f55affc4d64d2c00ee6dad7da6f44d7c87b249752ad09a382095c3cad000393de149ba357b1e820dd48739131b3eef706bc250f7e53f7ffe8cb148155b7a64eb

Download Submit