c79f307e8cbb931e24b2b2d6470d398b6ade60bd90515430f0a7b8395e522273

Analysis

max time kernel
147s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/08/2024, 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NitroGen.py
Size

98KB
MD5

b3b10ed571fab4d803409ef8061f559d
SHA1

a3b6b48b59c4caee14ae9b657da72c29ac24ea1b
SHA256

c79f307e8cbb931e24b2b2d6470d398b6ade60bd90515430f0a7b8395e522273
SHA512

93629859e7f0edcd02b31ef13d902f7b1bf452eab8e5398bc53391a11253c8b116e5990d62013b649ddbf6107be3ba48e3ff07b7d80b5c385bf42c0244851555
SSDEEP

1536:XfRYQfRYfReIXSG8ZfhIv+pxnn2jOZO2G2SzdQ01DN9sNuQ6SJ8EO4dBfRQ:ZhwDSGGK+P21MynmCSaXUnQ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674456320370343"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4372	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe
Token: SeShutdownPrivilege	2884	chrome.exe
Token: SeCreatePagefilePrivilege	2884	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe
2884	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
3536	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2352	2884	chrome.exe	83
PID 2884 wrote to memory of 2352	2884	chrome.exe	83
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 2892	2884	chrome.exe	84
PID 2884 wrote to memory of 4808	2884	chrome.exe	85
PID 2884 wrote to memory of 4808	2884	chrome.exe	85
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86
PID 2884 wrote to memory of 1368	2884	chrome.exe	86

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\NitroGen.py
1⤵
- Modifies registry class
PID:5012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef9b6cc40,0x7ffef9b6cc4c,0x7ffef9b6cc58
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,8634546037088894772,9252079601912868008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,8634546037088894772,9252079601912868008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,8634546037088894772,9252079601912868008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,8634546037088894772,9252079601912868008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,8634546037088894772,9252079601912868008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3564,i,8634546037088894772,9252079601912868008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4428,i,8634546037088894772,9252079601912868008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,8634546037088894772,9252079601912868008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4828,i,8634546037088894772,9252079601912868008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:876

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1176

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c2d4e69b1772db89fcd70c0f6f2e020a

SHA1
a70284256e19935603a349eb7b937f78fa674db0

SHA256
9e07a5709c4775bc981ee4d95d591c22fa2bae1925b2a6b642ed072c5d9be38e

SHA512
ca6f18e0dda26a6e62b4ce852c80a8ed2d19af80870506cd6afb179b3e3d032b78f9770180e233a655bd39b18d4d84ed4dea0595c2c8ed9643282aaf1f9bf5c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a12d7203b93eaea94d3d48615ea3edec

SHA1
de840cf01930437235fd8456cffb5ed9f3ea9fe2

SHA256
acb615da4406842febf8d42bcd804db74436f09da112c0121022cb6214424aa7

SHA512
d2bc193874549ff81dbd2fb8949f4835524b8f10c7a1c86d5f04c4045624eb3198ec39989efaf6f3c509d88d0b31a9abc9ac03ab533a61b80eb1561986b8bf6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f40eec94d166ea4e17875d962ed1215a

SHA1
96a9b95ac48777606b177853ace630cbae354dc6

SHA256
08d9c0c27c150dab6260aff11e10c1f6230aac829230e9a847d306e39fc9b3e9

SHA512
f1f7cece433df63529873d2af6d35a093a79728fe2f308ddf4b8649c1e4d59057be0548eba82902e058739a7d58c63207f61c00cac487849470c8c08b8c8f1d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
666cd0ffeadee2d7e3112d516d02ce26

SHA1
9618205d82fce4d25a55c3661437e8661467b58f

SHA256
e9a815482935f41c12dea345a843c92bed2c4885ba0cf3e8f1ece71ea50661ce

SHA512
cd662091c3c56464161cbcf0f17a73f9d02e7b204052a45cbb4ed213e9fec9995bdc733979eebd53891158ddd7204cf8eca79a3cc086d61fea0a8064a3c89c0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
08ff0c2a09c62b754dce8742233d3413

SHA1
b561300f37c4faf6cffe0eab866c837cbb730885

SHA256
d361cbf97d8b12120d903161fa24f4169964c8f3bdb0a28cbc0d89ebcbb45e22

SHA512
f91dbc5533cfe921166f23fc1df9c8178af77d641d058f2832f714e6084dc860b17d5b865948edaf1b972c3784b7794084c3ef4ce26988567aa768deff65eb82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
08515c6fc8766466a59530e66d91418c

SHA1
eec2e3ff612d92700d44635490beb2763a58367b

SHA256
a21f8eefc15e5dae1f231a5632db30cdb7897281459c8f6f447bc824d4131361

SHA512
660da77183512471f132c91404f71a8a5c7b13bb52235d41de9e0c8eaf40792d0f59a79a1621aaf96dd0b24010ea246705108481ef7acd9053acec0a914bdb30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9cbe8645a5b139b5a776f8a9fc10526

SHA1
fbceedc0d96bf652beac9947ee6fa960a70ad314

SHA256
170272c93ea193bad70c2931f71a354e81ed63b3880320e3a6c272de01424302

SHA512
f8f6b143281629f9eb53c93c1dbcd033e52d70572db1810e511e85c7b01e5f91cea5ce231192a7b8cb2e55aab972920075815b0937b35dd758730a1773707795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f6221ffe09a2463c2a54e3c5ea75dfd

SHA1
3e77970fa760b99cdbff27c8224eb4a30490e5a9

SHA256
9df9d817bd61b2ba595fde04c2ecbac4ede18502428e980e49f62ccd9ed47684

SHA512
6b424db64d6e68c5481d44e84f692e2ada9a8d573834642b181c32ce7910702309979a23c17f9b4bf5ae5d8717213815e7130fd158f20d1d9d4c4caf1934a7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18193962092e3742ea5a16096f636806

SHA1
deb5de753296a15d6784adf553aeda637d5a5b2d

SHA256
d1a3744de1ab77f7d7de7f1ee5d5bc608c9340123b1783c407c5b35d295ad3b6

SHA512
c153cc09d3098ae2dd0d5513da83df4d8b60eb9402fbf8d5ecb2058a96ebf769440469f164eca767768b9be8be67123962cb57d4c36c0cfcbc5d30f59effc8b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
415c935de4528020c35941f168d74fbf

SHA1
89d8e038d9aacc5672de728405c18222a38d0d0a

SHA256
062444569f5e84d52ba25c57e6a8b01cf12fdfc8934f88a9786db1fd51a289ab

SHA512
faf25a6ee83f93478eff3cbc20fff569b1ef36150f37f5c105af507046698cc6cb200080e0fe41057c964dbf4abf0cbde0da6d638129e44768acfe8ad89c4257

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8cca38771100a2227e41200ce0f33511

SHA1
f473e0a941a64e689827913578deabd93d209d3f

SHA256
6a1332d41c8d09799a657e0ae706124e0e33f820333166bb0a7855158a0f52b7

SHA512
f1c512dfeaff55a1a2a1dd730e462a10a649d8b2f27dee09c7a3f7d19d62ff0e99e85733b5021939e4be76bb39c40dde2f47ec9d0243ec2c5962395c63879b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
2d583ce20ea38d296f09bbe0daf70ece

SHA1
cceb07cbbacb63e490a0843ae87f0eddea78eb11

SHA256
6e72b4026c1a8526dbf7bb80b9847960cfced7f308d38010aaab6f45c2cbbd86

SHA512
bc1b0a09550bcc130926e84a6c0af040edfe76421fa1375fd72db389ad45aef32ed7a84d160fac70180a82e8ccfbf6234315b59b3983ee781a165e87d86f1403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
b81052fbaef0c87859484ceb530ff441

SHA1
dae0a4418c7a938b8950ec42e25174c14421212e

SHA256
31292d6fbf662c03383af32b91f7493608aac01c081c66411c61b42cda3e3dc4

SHA512
4df67b76cf5d9940e770fd65839e94899a873e95a687592106ec0abceecec1149e0752b499d7d36511d7ed23f04312cd6a1f8330b0d609e55db7a91aedab169f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
d672c013178d11bebabdd82591ff8125

SHA1
b68b3d2cd3e5195508265051b903fedc33a5e7c6

SHA256
62091187fdd4fb440e9593148e8a8f663a5ffff076ba8ea6dc5fe2bcc9bec64e

SHA512
eae52678641309cf19b2fa6c2c89f609d977ef11a340ff368361cc1620b107fda6b30ede2862c1310894900f9a0626cb69065067e43d34b0e452ff718f08f762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
983032a6ec5940a45ab43f2e3cf02f5d

SHA1
dc3430cbf47dbb06f79701d356daa624ed428c99

SHA256
27d0667b1afe9232369c21a6947a211075872f4c8e7fb80d124685894a9f0f70

SHA512
2739441e66e87c6c20abe47b2557653f6e1f1f57428e02a5577136ba553bf922680d58eff372da11a0a913fd1c7081d84768b8ed4f0afb8bb9b10ae9b40adf76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
88025747b7eaa092b3aff212adeed9dc

SHA1
fcb90a87f2af1f408ef7dc75a5f5a94ba2ef7005

SHA256
9266e26056e452ccc2f70d694ddb9d41f2f51806b44fcf7b4625c5fc9f0b6834

SHA512
e39c0f28cbdb555aebbf8cd799b901d7a25eac9f7cab15b88057b6b814db125fd04e44febd41897e41e98fd434e1cd41f81101ff549feef7ad9b6aa2c7586d33

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
30f9f69bd4cb3ca8ed4af465e6bf3b72

SHA1
1f7bf3625d683c1af38485d1eb39152949648749

SHA256
fbb114871abc3901711a5f204cb370f1cc1602ad89fa0c8155288ec72e4eaf36

SHA512
ae96746716d0b47912c191ca52db48ee40aca9591444c1f0ffbc913346be1fff1e9f71c6e66cb4c175fd308e04a504367dd56bf84920f94c65142cd8508258c2

Download Submit