hxxps://drive[.]google[.]com/file/d/1OFd7HySZEBbsG2E6J7D3SnPxLS3gfBZy/view?usp=drive_link

Resubmissions

13/08/2024, 23:33

240813-3j21wa1fld 6

13/08/2024, 23:32

240813-3jgd6swdmr 6

Analysis

max time kernel
149s
max time network
140s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13/08/2024, 23:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1OFd7HySZEBbsG2E6J7D3SnPxLS3gfBZy/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680656270694678"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{0FEFDF25-8726-42CB-9DD2-965A7EB77D1D}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 2912	3752	chrome.exe	81
PID 3752 wrote to memory of 2912	3752	chrome.exe	81
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 4016	3752	chrome.exe	82
PID 3752 wrote to memory of 1188	3752	chrome.exe	83
PID 3752 wrote to memory of 1188	3752	chrome.exe	83
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84
PID 3752 wrote to memory of 4648	3752	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1OFd7HySZEBbsG2E6J7D3SnPxLS3gfBZy/view?usp=drive_link
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7870cc40,0x7ffe7870cc4c,0x7ffe7870cc58
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2356 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4584,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5176,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4568,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5448,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5520,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5532 /prefetch:2
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5580,i,10329100672647726180,14990967322594782733,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\641d76a9-08df-4e71-b715-3c16c08a8615.tmp

Filesize
9KB

MD5
2e3641fe48b2ae20f40ce4b0cd1b32d6

SHA1
9002921d301da5ce77e89c3ac31a28239cce467e

SHA256
80237ccd5cb20aa0697795daeb1de8053bacf2977b437efe765bd4268ba1a563

SHA512
db50ee79f006385c49a1a32a5dda397d19c9a4a6525c6f5e4de12c41f890df833883aefa2e434a6973d74668a32d97d85ec34b660841658150c0baa70c3dd968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f8bf3a6225d536f3c39115b8b50d32dd

SHA1
8a42f8f4d2b16a71994d036029169be42a979442

SHA256
742749ae374c61345238f3d89f263aa03e3f83bc16f997047f01ab191b2bc89b

SHA512
c55823064ab28a044c999ef2763dad23d06a199fd2c5419c0096c4e2b48f0d2d14ba6fac48df7628c9e72173f2bf13357ed49ce705c0f5c72bf895390e904051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
300eafc1ef969aaf5a2c759482ad4237

SHA1
6278689815e446063ac08c5117a2b6d21d144d3d

SHA256
da6e11847be90f23d605b171d4898cc47d0fe9da4d1f3a624761b3fc7c61a381

SHA512
e3ed5b8f594dc95ec2754c17ea71ab73e2e60578b82be4d66e35700a1d52db317e9812d84f51154fa5750c26baee6028ec47c0181626b84bb84a149ee5a3d71c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
11d84df794ba95b1e120855d182c9ef9

SHA1
148cc41bb8bde9f9f3c82e25f0735c59ba0e9c89

SHA256
81a7edbda0b34edef548ac9f70f692c3e12e99a372703d8bcb53f1af46476073

SHA512
524d598b2c149a7ea43ffa03cd90e1b2437df7b791a03d6de203b98a374ffb50e606399e36eda0eed82a40ee0e9de867c29b2165724b30e93d1f7f6f9615bc6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
90e2557adb1a0f14dbdefb316c38aeb4

SHA1
3dab717c95c46b16fdd35dc9bc32752524567e6a

SHA256
3917507693cd11448f4f2086312189a5b375692aeb00fcaf7a4e4166d19525eb

SHA512
9fcf4eb9b9fbb18d4df41c8e096c90f789f2e3ccb2e2f66456d87bb2ffdb5644723d0c8b00c204feb6d2ded8882d90930d532deb89d0460d79250b6d59811840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
662130f2e8e5d883e697b016ca8fbf97

SHA1
72e09eb5be07284937462aca35f2d578ff026cda

SHA256
5ea3a973a5a70a71786cd317701d89cc722a06586275290b47d96130aab10f4b

SHA512
1abca142c209ac706d71450313c887ad7bb1f371256bc16279e45bd85bda3f2de3ee21a30b92d6c74b866bc39801dde5a7b0c82a8a7e6374f71c3b94f2e69da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0a1474f6c0dfbeadb191c24f6b1cfa83

SHA1
b3bd9ca8112a8cfbb2b2da270fe69d8c1e327782

SHA256
ca7bc1b2c515512dfeeac71c346c85292b204e81f98a4b48084b8ba225be08ae

SHA512
2146553e555c7c2619029a380b82598fcddb7a325580fa2f53ee1c82bcc77cd9a46366279748baf3f03d03670f54a2584e26fa822f999b8d5ad8a74d9616867d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
734b2086535bb04e224563e09cd2fa0a

SHA1
ca875d4283574d129862dfe3067544447e84c22c

SHA256
6b1853e44d816d25a15ffa2b780e358c6495c036d6e86f55ce0abfd0c019e9a1

SHA512
48f9713a8aedd47dccce503ebec9f414cf9126f590e4e134c146eaf3fee1476d4d99ad5a6905777934c61f4affde241b85a17d15d5af2487f5f5e4f1674a0cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5d84e427eb2cdee5031aa5fe00bda4e

SHA1
01c39bcc0119d8fefae4a9e7a1601a420352bc91

SHA256
8deb8c6c58f0c1b8e341a58ae04d0c433c0685d866e1d249d7d5ca65b2d2c7e9

SHA512
1a53904e9ef1916e74d7791eb2926c111865c4c501543b2025f29b86ba8e0b543de3a491b94b7aaa22cda25f5268badf67e3c55d52805575a45f6fe1a09ec47e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10d6a234c915add7daef79665f560f2e

SHA1
9c1f009c1da6fc0f50c4fc367ad3e425edc575d4

SHA256
2ba3d727761467cd18d853c53e1c3044e78995154237b2eb4def37e357182014

SHA512
7ac0acba030d79002656fce53e0216f9de7b2ec99a783358a6f63414a66faaac203696b0eece1c692a393a9ebca7fdc531e9ba04084bdaf3d2c3709d5ffdfb2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2401658ecb111e44c5f5662d8d1c3d54

SHA1
56391005f36154e29d07031e9ca5021d26c03da0

SHA256
7b3212b69ac879f0f7faf268d8ce3a79fe56c399c5456e3913db0df146116354

SHA512
617d4549348ce6b5217eddef7185ecda627032f2ba1cccc8e2c4d47fcded14a9fc30e817f9d37ab39e1e715d5f56e56398e152f0c3b7eab5c3d586f71d14a9ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2400a2f2f0dffa1c2d149c7243589c4

SHA1
babc999083430b29d64ae332041481be1bc2a050

SHA256
a861f804842d54b86f059630cc1024016684681d9760bdb46eb29be670acce8d

SHA512
b0108c558e25058d8371d70b819341ec9580ce0edfd77b5cf090296074fa314d925065a868b5af606945387dc936a3d0024f84cc56261c0aff2a7978026eec4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8fa418fd5c0978c4aa86ef048a9cb59

SHA1
c11d0d06e18315c7f4be5b1cd6f52ea59151e994

SHA256
148ceac973acdc9b35995194bae4548a247cdf3425d0ad5c97a31c3ebd56f4f5

SHA512
1302e37c2303bc02c781f8c5510de8eed8b118c1bbc7cad17fad995d67ec2d3a7f2470df0db6fd50b8f1497bb860ca4aa649928c2bf2bf2a989c0f48deef9cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9afc7edd4c6cc9dfd9966431d9770237

SHA1
1f60908f95134f625fb4af8c0efa65e6cae55e87

SHA256
e2062559d2d99f68d86f648f91f522f7e33ba6905f4e1cd7e3107d567d561abd

SHA512
f8fe3f7493bfbbb02180c1a6cb08332c3f3c0bc78f16885fac51831afb01f004676e83c15ca4733a88bd64a61f879ede7ee606932606f9b6bb23b60b71a720ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Guest Profile\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
509131a479bc7aa11c495da3dd862311

SHA1
402068f274fd5f0a02061bf8798dd3f39fd06d61

SHA256
351d9066e582375cbf2aa8d45bf446cedbda0ddf36c677e09147a48e0a673a27

SHA512
97a6f2c1902c234384572a2a9eec5657dfcc5b95664c3873481f9b4daaec9e98110399b3b129ac35185f233cd99eaa92c1ae41ab57699f24fa5d00228c7eecf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
c813c3ca8ce375dbd255f638b3569bb7

SHA1
a4e7b92f8eb5aa57465a1ce0913fb691722cc382

SHA256
f9fdf869ad1016f094ffd1220c049497b0fa4f1dcb315f590bc16c92b5a8324f

SHA512
bf1c7dc6c20e687dd9be9862ae35915b51e8722f7f04436e7ed488f9e6e6ca08e7c89173943c7a583ad1f0a9548f14a91e8e446744692d02d23603998c61b79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
b66782d41d9551ed5ce171b45a0a8331

SHA1
0d849df4633558f3b3ef20d0bb83dc0ccd77d9e7

SHA256
ba259f01ac36d67f30c31c53f2d661b6c33d9c8937f03af121d6891726d1ef13

SHA512
fecb57fec53addb3d59b367de3c90dd09834ec8df114266f8812a6107a3094f684b98c205fbac8647bc317a842395cbce74db467d0b89af9f33d82e5ec31b07c

Download Submit