Resubmissions

07-01-2025 02:15

250107-cptnks1pap 8

12-08-2024 18:44

240812-xdfb2aydlb 8

12-08-2024 14:42

240812-r3eh5szekf 8

12-08-2024 14:20

240812-rnv8cavcql 8

12-08-2024 14:14

240812-rjzd7syeqe 8

Analysis

  • max time kernel
    393s
  • max time network
    392s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12-08-2024 14:14

General

  • Target

    https://github.com/RattlesHyper/TrafficerMC/releases/download/v3.1/TrafficerMC-3.1-windows-x64.exe

Score
8/10

Signatures

  • Downloads MZ/PE file
  • Drops file in System32 directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/RattlesHyper/TrafficerMC/releases/download/v3.1/TrafficerMC-3.1-windows-x64.exe
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb973fcc40,0x7ffb973fcc4c,0x7ffb973fcc58
      2⤵
        PID:3460
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1888 /prefetch:2
        2⤵
          PID:4732
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2104 /prefetch:3
          2⤵
            PID:2272
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8
            2⤵
              PID:1896
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
              2⤵
                PID:432
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
                2⤵
                  PID:1964
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4820,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:8
                  2⤵
                    PID:4040
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4852,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4996 /prefetch:8
                    2⤵
                      PID:3040
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:8
                      2⤵
                        PID:3704
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4568,i,8362580919842126717,6013486505684172642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:8
                        2⤵
                        • Drops file in System32 directory
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2848
                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                      1⤵
                        PID:4620
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                        1⤵
                          PID:1652
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                          1⤵
                          • Enumerates system info in registry
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                          • Suspicious use of SendNotifyMessage
                          PID:736
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb96ce46f8,0x7ffb96ce4708,0x7ffb96ce4718
                            2⤵
                              PID:4652
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
                              2⤵
                                PID:180
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3016
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
                                2⤵
                                  PID:4976
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
                                  2⤵
                                    PID:632
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
                                    2⤵
                                      PID:2264
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
                                      2⤵
                                        PID:5004
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
                                        2⤵
                                          PID:1652
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
                                          2⤵
                                            PID:2172
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
                                            2⤵
                                              PID:1500
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:3408
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
                                              2⤵
                                                PID:4104
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
                                                2⤵
                                                  PID:2356
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5272 /prefetch:8
                                                  2⤵
                                                    PID:4984
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                                                    2⤵
                                                      PID:964
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
                                                      2⤵
                                                        PID:1564
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6276 /prefetch:8
                                                        2⤵
                                                          PID:4876
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
                                                          2⤵
                                                            PID:1868
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4700 /prefetch:8
                                                            2⤵
                                                              PID:1888
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8322648675747373071,8955867924989797418,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2620 /prefetch:2
                                                              2⤵
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:4392
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:2652
                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                              1⤵
                                                                PID:4520

                                                              Downloads

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                Filesize

                                                                649B


                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                                                Filesize

                                                                5.3MB


                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                Filesize

                                                                1KB


                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                Filesize

                                                                1KB


                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                Filesize

                                                                1KB


                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                Filesize

                                                                2B


                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                Filesize

                                                                523B


                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB


                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                8KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e628dad9-872d-4fe1-b208-a3bbd55d9701.tmp

                                                                Filesize

                                                                8KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

                                                                Filesize

                                                                264KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                99KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                99KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                99KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                Filesize

                                                                152B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                Filesize

                                                                152B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                Filesize

                                                                111B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                Filesize

                                                                265B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                Filesize

                                                                16B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                Filesize

                                                                8KB
