ff67983a514940c6d29d1ec51b91c406255b3af396695559dcd2b17d6384cc61

Analysis

max time kernel
150s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07/08/2024, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PSXDownloadHelper.zip
Size

873KB
MD5

dd42823e9f2916301a3c52585d0ab3ea
SHA1

71e6e10eb26dd542f14efcabdfa388b343276fc0
SHA256

ff67983a514940c6d29d1ec51b91c406255b3af396695559dcd2b17d6384cc61
SHA512

4589c9034c8d981cf7bea3f648d1e1144ad0ada6f39ce65c322361206f05956f23738da036c2e3cb162262fb82c81dcf27bf090518d5ee5cabda5a712ed1191e
SSDEEP

24576:BIsSE8o3pwpMyTdRifTb+pQc8pykeU8c87babiZRfbhYUd9sofx:cGwpFTdReTEQVpykdsJhhXDfx

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133675446840973209"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
2516	chrome.exe
2516	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 4540	3304	chrome.exe	77
PID 3304 wrote to memory of 4540	3304	chrome.exe	77
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 3980	3304	chrome.exe	79
PID 3304 wrote to memory of 428	3304	chrome.exe	80
PID 3304 wrote to memory of 428	3304	chrome.exe	80
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81
PID 3304 wrote to memory of 984	3304	chrome.exe	81

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\PSXDownloadHelper.zip
1⤵
PID:4384

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe3d069758,0x7ffe3d069768,0x7ffe3d069778
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:2
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:8
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4016 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:8
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5052 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5020 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2928 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4016 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 --field-trial-handle=1800,i,13692298294955786010,11602819330932145548,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1a786fd43bfdb1c512914cb1c7566705

SHA1
88eadf96eb392ab295881f649d532d8084e8da9d

SHA256
557ed522a24a860389d48384672a18b6059596d060f5e3e605ca75f13297a449

SHA512
2bdbaf1b3f0ecbfbe63340c0c833ca66777de8417deabbce06ace69604c2fc565bd0d453e23c9444335a92855a8d328549ed2c17d065743cd04dbbedc0bb2f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
249df7714ab5f3f870e27d8ccd961f04

SHA1
60ea69efe4a7b492c54643d69fb1650ae484b104

SHA256
70585e4ef2a09e645dc2834a9ccd7558f8cda3e78432f38079f2636d65dd9ee2

SHA512
bf929eae716cd4daeb6f973c5d0764264a9039c0decce71ee228dcfc0a0d102dd9ce99e3f6b3a7ffb276e2ba6ec105c5056548545c505ee8b5f83e771e749c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7e9d7871cfeb5a6ef4d792f7df6b07da

SHA1
e67eae00ac62a0bad4ab12560b6c7cadc40fc119

SHA256
05795fe6169a67fdf5ec6a3640a6bec6f5798034217dff4258294996684bee75

SHA512
9ebf4d68d17a34fb114724101989bf617ae5622947a70ca2d8ddc26f9d271a1ada4bdb12a1949a0ab020214ad8637ebf0c6f4dd2dd165642a5bae6583d873ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
3e7d89b7b55a13f383362b8ce77a97e2

SHA1
1b7b669cf480ddfe10749a5807195383ac001e27

SHA256
82ca9923737da1d20d60106eace73690fa70a0cd1f9945e19e2fe7a5c3bdf8c5

SHA512
a7ce5a8ec1c6e2c6e8f0057657d95136729756877ea640a49777af4608254ccc2cb017d5d3f26ee156170b93ebcd956e51a97714fd4dea85274ddcdd904d3b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
9b79904999a84a1ec2b63b0661986873

SHA1
627e2cc480afb9871968a7f5086ea9645dd1c55d

SHA256
170a8cf1ae8441d9f1a8b2032c87eac20e78717e8ce6033ff2e1a600792296b1

SHA512
8a5f41b0b1b99bec06a23b571ff39c744c620f2aaa4794954d06e34ed56219ac1b05dd5763f4c685d2c22b6735a5a4736ba6f0085ce1a0bd172e932a2c576e6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5f1ec06c0ae2d33d378c0b873cedf97

SHA1
0b4ca2285ecf331db88dd6fc76883e419d802156

SHA256
726d528ff3fe240df87f4109b4e9b968754616e4a03418a841aa79c5cf924441

SHA512
6df92228fdefd3f380b099888f0da6ead0a5d2a60fe93bed0892f4f54800e61bba4ca8c7058ae450b72e06c6a8c3781930cdb47acef4e3294a44d81c19472905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2159b63c1e1e57df8e0e4e616f8974ca

SHA1
f82bdb1c2e4a7cda5f270762e041f5b0faab7314

SHA256
5c656546a3667d0e3a2255d304d9d62fa31f0ff72efdca66f3a89a4cf3dc4428

SHA512
998f6e663be1b889fc276e503c0fe687be4134daabd009bebdea647585f58ab05c8d2a9ec6fcc669d9614aa4beb8ba92ae92f084ac397dda2ec957cc6d79a463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9c8064bab03017b6eae183b8dff15f60

SHA1
8229d3e4a5b2cf5ce812eb4b6c132a744f1cfa8e

SHA256
cf5331db32ca020c2842ec35b392a2c137ed1b52017081d1430f84823a487e2b

SHA512
c32351b2ee80fdc45d57f4ea1c368a1b0d4f66b2dc2cf641cfe162c1d34fc509792ab3f0424b485d459865100c96d797cd8f77cf9281ff07fdc35ccd737ca00e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a05a3f172d73daedf24bc4070a2c2b1e

SHA1
28eaf0f44f84ed6f4c41d1ce82a61e2d750ddbdc

SHA256
6c3da3a8c435d78c5e62539babeffb7616a9246d8a9577a8c09f105f96331ae5

SHA512
edcef6c4df8d85f54a059cfac0dc5dc4f45041438ad10053ca83e2b2e801f832aa71dd82d11d7873c7314f6e3d275b99899aa02d68ca1a616690e8c6ebdd4843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
4821d435924ee7a6e9d2782b6d87da01

SHA1
0a69cb6578653a5e6a8a2cc95b4b1664b0b3a3ae

SHA256
6c1fddbd674ab639dcc6569359f7cb885df0a99aad6e1590e2ccb56ff741b9d2

SHA512
faf592b3d2384c5ed5e01629783bf32c6838ad08da64af2c62c4f0d7b7f7e881c9ca6b550f7b88bed660f2ae7769d8386cc28586add5e374100fe93e99309dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
292KB

MD5
873e790175e19d0fbd861d5cd29ce1a8

SHA1
1e096026426a33b3763fdf3e46a6513decd227a1

SHA256
b402dc17737672d1b76bbab8f2ef3ee2445862983d245b7d660b3719bdb38c63

SHA512
72296e2a8d54b42b76b1e65add71f7ebf9e28900a35f5503b398b4ba89739758eddb1b13bd29b2a64a012746c130e7162cbbf014c42013f54a80c2b9a142fe17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit