hxxps://drive[.]google[.]com/file/d/14KxixzUCc1IisKStNtUM20xZWmZj6O2-/view?usp=drive_link

Resubmissions

12-08-2024 12:29

240812-pn3lba1dlq 7

12-08-2024 12:26

240812-pmbq7s1cqn 6

Analysis

max time kernel
148s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12-08-2024 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/14KxixzUCc1IisKStNtUM20xZWmZj6O2-/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
4	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	start.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679392010493987"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NFR4.ISO:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3708	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 1144	4500	chrome.exe	79
PID 4500 wrote to memory of 1144	4500	chrome.exe	79
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 3364	4500	chrome.exe	82
PID 4500 wrote to memory of 1204	4500	chrome.exe	83
PID 4500 wrote to memory of 1204	4500	chrome.exe	83
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84
PID 4500 wrote to memory of 2596	4500	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/14KxixzUCc1IisKStNtUM20xZWmZj6O2-/view?usp=drive_link
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e1a2cc40,0x7ff9e1a2cc4c,0x7ff9e1a2cc58
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3624,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5016,i,4230135499525972036,11412156032986752972,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2012

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4536

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:72

\??\E:\start.exe
"E:\start.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f8f30668c018a54b7e06624c3acb5282

SHA1
6ad4ddc4ad68ccdda419cc0372f51167689dd50a

SHA256
314347d5cbcb4680daf757e23ce8c7568a01c06d68bfe631609189f301131035

SHA512
605da7ac289a68f1f5fcde24b81c303d6d168fe7cb43e8a55f69428841cdec86e7bc3864e2b81eec112345f47573614829e0238063495e0addeb9636651a65f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
38a1b63859b832dce4db9bb8fef7e656

SHA1
05abaeaeaa352a65be56e116fa172b44e2b22d51

SHA256
c2c8435782ca9a22bc6222a388d81188e2ef1c819eede1379c2aac2c1fc3cbe9

SHA512
e2dd8088700cc066e6186609fd9496c951b7b10e2c8ce97ff5c87fd0e65d643768adb51f63a6ea2243776dc4e3cab5cc943df05dac62676fe3b42833dfd1fca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b5f804a7552fda136c1a9738e9dbc927

SHA1
a97ed6019255b6022b542cf8ae4e1f6d9272386a

SHA256
1313b5f6666103493e0baa6974c1856ac0209f0883c6056fc410948d73da9816

SHA512
bd78624c55db00579613628ed7af9c4158d8773a5bf94b0f4647748cfcc3d3c9228dba063e4967eccc721fc787718fea6e56bd9ac4ba47c1abe7782475bb45e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1a54c0e78c27d46755d5662f978e9058

SHA1
a5e40f9fc43ea5e7065451bcccf6a85fe9cc836f

SHA256
d0ee18d60eeec15918e8d52cb3a00af190689bc204e0525761a0d5ea4743fd5f

SHA512
23695f04f1e03f50983c07264708cb3cf1715ef7552a8acc88ebafc16056de3b0af5c8264e91d8b3c4e04b5872dfbcc124c2262ff6917c04310d60d31d15edc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
ad6b11487f35da6690afef129ae0b242

SHA1
002946d2dff1c79ee42d2d38b7c716d385916b6e

SHA256
cabe1ee9cda763eba7e6c8dec970e03d087bcbf63e96def6c8e8dba955e83994

SHA512
b388dbf587930356bc0b345dab16991e8a3832a607b99605a89cb899ff328643d396ba54f4c508164049c08975e701b110c27c88f818102835f7e68c164923f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
820d4166f3bda33a6ef09423b0c71cb2

SHA1
d5c31d20cdf6dc023690a23567e3f769f13574f7

SHA256
c164797cb1aefa59383c401b3b8fba8d0e109d3e0c06ac5c21b4b970d1fd83f5

SHA512
660378e48ae684bac8e3daff142ac079bcf25c85ec9ba355faef6d61be3e850b4675198276d928a9a076c1f94825497023ecf323e72705a055cae4e64c134a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1d1f5e84ba0bff5c36394a1decfaedb9

SHA1
7f38a198fb40a851a7580e7ad411d65966c8b00c

SHA256
7a08a099d5b471103bc77684822ac57364e438932d8377fd55147dfb4af1d014

SHA512
dedf3dd19d68278750262862fe6242d124275805fa37ff141d71f5cb161abfa2b2ceddb18c545724b4ac56b03bda220d627e970d0fdff8566a20402aca6cbd12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63c2fa750cb7bb829ed04361225dbac7

SHA1
aa90ec7ed09540ec720d1e7239635eca61f8bb2c

SHA256
9c998e1409cf852bd8f2688e6b1ea4f367953b262ade46638a78df32b30331c4

SHA512
95882fffc5b6ded63c2a4d81d6068b002e38a108b8fdd4c6946fe2c8eb90516322725a28607a41004dfe6e33d57b1c3a097e035b1be9ee16fc68f86ff75e16bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
91668611e89b7a3001f20227cd949072

SHA1
95827c96994aea6e25693b79b1ebdff37e4c9ddc

SHA256
d310a74bf3b7317eae9bb7ed7a84b0c2da2cf642cebdcc05f0c950b99307d77c

SHA512
f2bb29cc62debdfc00f30d863a93e928bf0c0cff3f49ee4d5b97b7da5990380a5a8e75bb5695e8f287f185ee06887477264629343397049e1d0003aa1dd384e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2230e9de47d71cf1628df4b0f12cf546

SHA1
0dae66ead77b7fc79ff8e036b20f1932075fc045

SHA256
6a918a0ac863e3286a46dbc9a0ee6d5f4effe0c4e8fc584ee06a163d5e23449c

SHA512
d3d7056d2fb6273b5a015953a8238b042a20276f09944825a793eb1efcd3c1be63d09842867ed09d79beb1aa794d9632b5ec1eef03aec399f89d841c261a88f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0a81ae74cf7e4b1e0b3fc2bb12cc72f5

SHA1
00c276af2d211a322ae6b3fc7bbb70bc0552f1eb

SHA256
0e06779d988b04b3954e3931bf1ff8d5fea2766c540025aaa291ce4bcb0e47c4

SHA512
2ed52d115b1cf1fc70e88efa2db43a338b3194726f733a08b156481beff08bc0ccaee41885c72bb3b4cdd56b406ae13ad8858fa705dc2e768af86e111303e6b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8878a9faa304e01e189682b25655dcf8

SHA1
fa043c56b84b6774a53a7bfe19a157e678bf06d6

SHA256
aea7ea5b278363aca9b9a9d2ea87c5df65b20c92d5764b0378e886d64545fb81

SHA512
0431729f5cc72a70cc33c0f4fbcaab1e439cad8370bfd57ee515cfad9ce5a5cc096d39cfc69782705306a2aa704de41bb68b9b7796bb0f006599e381d964c511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
03706d96761a6ddd940cf0b49f021540

SHA1
1a09122959348acff7570262be7b85b348cccbc7

SHA256
ccb740ebcc05fda805cc7a8aa547154c561227a70a4f173f36ea6ff8ce5f1840

SHA512
4be0014ccc63e6ed4ce702f44b3b9e17dd402aa5c7b608bf6869165112334f9d1772ec7322832da13e7ab7a044585d9c3397de256292e4015df1873422f8d68d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
2e7ecf3c8224ca09baddc83f05b76541

SHA1
f43b6df9aaa74a627d904b5bee85fcb1257fe45f

SHA256
f37f3e2b059844909e167bd6e96035345f17688d3688ac62601390229cf15fbb

SHA512
f7ddd9dd27e50ec6dc3d5a38688dc6b2edabd3eb325b91c53723379d8abc836669e09336fa545839664a7ccee16d9e7cc2453e32e39a1f33c7d3fc12657299cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ab8e31c90092667cf84b07d66e2cf503

SHA1
f6b6d241ee4470489cf54d1b549072bd78101e57

SHA256
31a8e581ccb42b7515515e3a4cb4314e4374b9ab95a257b484be1b73c21a9365

SHA512
44c63b78217f9c191413a7e451a4c4a428e11d39b34d75dd4932880199f4f49b468b479a1bcb9706dda6fab978988373871b0c49f97f5258f2793765f37f9145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ab9dc79b3c1cb1282d6342870f267439

SHA1
6011e551dd3e9e9db168484f8cb17ffeccef42bb

SHA256
fe791c0f7820501e3c1355835eb0eb0b3d57b127720d8c87b956e7a1b2415049

SHA512
ff1332bb044b25bdc79656c66eb9f04396a740122c844455f7c4cbf7a72ea011dd56488dbca2cebd1c86164ce6c891340a9a3d00325774704e3f9dfae4f3444a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
09738dde8c192a7731cc03b23b8aa41e

SHA1
80c2d9387fd4eb2b3f7a09a02254c7d29924b983

SHA256
b23aaf392d2483137f0a3ddfe693f8f048ab74f66055ca7e04d691098eabf933

SHA512
94efebab2d39d8582069d0a25283b84aba7b32c022f48badbae01cfb3701683fa1188ffe3ad3ac89f55c28629525a42c7c4d1b52e80fee681ab05c72f11da040

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
4d52399020a24c1f6b4254cc7252504b

SHA1
2afe0c8994c64898d5fe16ca68811438ef19b0ee

SHA256
e75a14ce8abaea1788c4361552ef9ef2b86ea02485eb4ad5f8c22c9c49ece3e7

SHA512
a481726d4ef1dfd67a86ae79e16abda87a0f370310758cc8a1bb2516a69557129e9612b9430c0ae11d7ddf72e1afc3375f5649a09bb53febe5cc16718ba976b4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp

Filesize
10KB

MD5
f065a39d7e06597189e073755a0c1719

SHA1
f2ce3c9d697f40ab82ec0fecce46de6b354b4c54

SHA256
5ce6608613c37cdb3b66ddee4db699f41b06bb3906301b29c5f5039b8ce6356b

SHA512
c361ae3950de1fb738ef9b18d58786819ae246c21631bdfe4c392a41a859e25fabbdfd473d42d875846cb4a1abbbe798b29512264f9aa3f9558e067795468e20

Download Submit
C:\Users\Admin\Downloads\NFR4.ISO:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit