c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

Resubmissions

09/08/2024, 10:27

240809-mhf41stbph 4

09/08/2024, 10:24

240809-mfmtsazaql 4

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CosmicDriftLauncher.rar
Size

36B
MD5

a1ca4bebcd03fafbe2b06a46a694e29a
SHA1

ffc88125007c23ff6711147a12f9bba9c3d197ed
SHA256

c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65
SHA512

6fe1730bf2a6bba058c5e1ef309a69079a6acca45c0dbca4e7d79c877257ac08e460af741459d1e335197cf4de209f2a2997816f2a2a3868b2c8d086ef789b0e

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676728312085398"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
728	chrome.exe
728	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3564	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 3560	728	chrome.exe	94
PID 728 wrote to memory of 3560	728	chrome.exe	94
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 760	728	chrome.exe	95
PID 728 wrote to memory of 2664	728	chrome.exe	96
PID 728 wrote to memory of 2664	728	chrome.exe	96
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97
PID 728 wrote to memory of 2428	728	chrome.exe	97

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\CosmicDriftLauncher.rar
1⤵
- Modifies registry class
PID:3808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9d824cc40,0x7ff9d824cc4c,0x7ff9d824cc58
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3740,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4532
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff647334698,0x7ff6473346a4,0x7ff6473346b0
    3⤵
    - Drops file in Program Files directory
    PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5092,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3516,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3392,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5184,i,6347489360330187121,9230087153590355026,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:436

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\03e36a3941d3db89_0

Filesize
374KB

MD5
ac5c6fe062096a618c3394f043d91f8a

SHA1
8d6635673bcda35add2ecd7ef76070a1d96783f5

SHA256
7396c5f8e56dba2c7680fba55a04d682be6d71b2eb4f0d58749f95666ad4476d

SHA512
4b9d2e46b95a61910a148f92560aaba620429ef4e4af248a4156e180a445008b981baf38cc1f5368603db761a9704f10983cec4c841ee9e8e43de7d7a82eb175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d1a60d94cb115fb_0

Filesize
289B

MD5
28766945f681201fa90b260d98cba031

SHA1
21066c341431c4e1cd1f1a56b1cda3e91ef00f77

SHA256
159be8181b301902327286cb7b11dbd60ee42393099d821e7f1c3d90eca3cff3

SHA512
657824db09c892b997e76d07ed33d587839c9863e7304a1e5239bac2c7b8f33e35b314aeeb96234436869532a74276c40f63ba54517ea1e5eff9dfad4f68ab9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
61d7438cbe7beecc514ce6dad9ecb8fa

SHA1
9eec2e99929c22528271b84e5b054717fc950c7a

SHA256
11d963d2342d84341e800b3c58734ace3d60e43a29966ba75e9f45dfd8132fe7

SHA512
41454f6c7c4c539c8a15f51092e37a00325cfdd26c3dea082d55de524188e275f2dac0526942fc4c7500e0dd56fa80da78a7b1cb6cf04c1878a1117d41e0b732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
c59339b9e29cbcec288865fcb226e601

SHA1
01b76fcc00d4feb53005197c9855c70efd042daa

SHA256
ab0e8a0c3bd087ccc1f179997728d0efbfd74745be1218cac91800ece9187d76

SHA512
4f1dff8c50c4345178a55eef9f3f8503b1d30da75646f075535e1b495e731bf8b1bfad28514a2b2b37ca8808e0888e5f37a85752179fafdebf1da18a79a88b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
943da507b7c20bacbaa2ed2802ff3aca

SHA1
01b945d68e0055f7a079bbab5fccd1ba1d82ecf9

SHA256
2f3e474144da880e69c9e5748f29c8f3126217bc2aa44f6d6e1be5e3c87865e7

SHA512
7098a93140fe6df82bf96e103e98dbb7bb0f09e4c2338f6ddda843ae81f27577fcdcdd38e48097f2c0acc962028b4de2f21afcb369201d7618fe903effc86cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dae53b4ab1fc3f4ecd3c78cfc42c31ca

SHA1
9538b7e2d91df27ad41f6afbca92286f28ac632e

SHA256
33d701aa4815c0c1442ec493ae1ac4fb0b7f4592fcef96e3c331c88c65bfad17

SHA512
2d3e6766b5fba60c9e54aa4df9a875b8aa3af905fbfc4b7e3719669fe2e4c0dd9699d9ce2229ff5d4eba90b93800f4199268cf231628d5d575c7b142f1f931f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
578de654557e4d0c71799a8f258c6ef2

SHA1
6845d2cfc9c455cff14bdae92472b7a505de6449

SHA256
4d20e056772352dfd1a324ccb53c67e38b5dade005a2016e5c09b07557af97b5

SHA512
cbb618d32ba7130b0f77a6997b85f69608b20c38d3740731315911a9e22616891c973d61879873b96543524c55e4b31638cafd67b3d799b6cf0cf9cf2d090079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
e9bc182a30d0c4d3c1ea70780f31bd9b

SHA1
9fba8bd5f99c1c3f8875294ade52e9ace7a3f391

SHA256
3834942f6c2d419308a5cd5981f2f4c3013cf252e3879e7392886b27604bad02

SHA512
98512269d401c7d1a1b8310450add39d98b46ea2e1db82bbff75ad40acd6d7c013bc3f90dae0102182aa0fe7d6074d11244a2a05d2cfde2e15005f07a182940f

Download Submit