hxxps://drive[.]google[.]com/file/d/0B664T4076FC0aEdCTy15Zk9YcUE/view?usp=drive_web&resourcekey=0-x_YL1L21lO1jpcK1zQoIVA

Analysis

max time kernel
149s
max time network
141s
platform
windows10-1703_x64
resource
win10-20240404-es
resource tags

arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
13-08-2024 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/0B664T4076FC0aEdCTy15Zk9YcUE/view?usp=drive_web&resourcekey=0-x_YL1L21lO1jpcK1zQoIVA

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
4	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680427656293533"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1512	chrome.exe
1512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1260	1380	chrome.exe	73
PID 1380 wrote to memory of 1260	1380	chrome.exe	73
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 1668	1380	chrome.exe	75
PID 1380 wrote to memory of 2532	1380	chrome.exe	76
PID 1380 wrote to memory of 2532	1380	chrome.exe	76
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77
PID 1380 wrote to memory of 200	1380	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/0B664T4076FC0aEdCTy15Zk9YcUE/view?usp=drive_web&resourcekey=0-x_YL1L21lO1jpcK1zQoIVA
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x44,0xd8,0x7ff83b899758,0x7ff83b899768,0x7ff83b899778
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:2
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:8
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3700 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:8
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4624 --field-trial-handle=1784,i,1063143084959447612,11400545381232017918,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
a8d0655cabc082f2730099cf6e3808b4

SHA1
fbcae1581dd1199c08a88a63b1d35cf40834e562

SHA256
fc85c62d75aaa11005ec2f047fc7cd907b81babbb0027d0269fee9af257e4f0f

SHA512
ed3092494e130c6decc2d10ebe3fd791b342b4411a8a1bb4f009f0b17b3bf5e934a9dee4f87fe51c49922f397c42e8fdd80a752d1059397a74fe2cc617ee5795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
c30c1cadca19395a34f2c0b5c933895e

SHA1
ce552140c3533ed45afa0d5cf72fe9b367857174

SHA256
b55c3ebb1c97be593c6f15de2b17ac9f11bd98b7991a9ca2b4183e3cf70eb774

SHA512
cc222e47d9c879a8c061a8039c8086d8c78ed9aa6d4df2a4796e57dc35e30c85f58fda27ec3d2f3bea9c625f920ee63e19c5674bcb0cccfb25224def18fce828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c4da0557c236275c06efe6395fe9f86f

SHA1
0947df6cdd63e9a98b045d0b6be0065dad3e5c2d

SHA256
b9ac39684348580be2e38670751f06ac6cd3f06a2b5d64693738f9c9d6317079

SHA512
3f681f717444be5c843709bd431461d50bdbfc08cfba105d85af6c053bdce3d59bd844349b5ac033456b1a34995ae89fd0959cef617a82364a60403aa03d038c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fa5c5591cff194e77fdec680c44573bd

SHA1
3a58983817812e97d1b8443ce437deaf6061c6bc

SHA256
569593b4db177cdda9b76edcf952cb89cac0592e0dc186da3e04c6c3057d619a

SHA512
0bbcc1238b663d74b687cb7098ebfa692c86f611c75c94c526f6dda4282f765359e2ca3c0dc74996c2ba1742bc82af34255f0bf6250427e582e1e676b638b0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2152e6aabe7e35e67a8dbcbe1651f7ff

SHA1
505c5d7346a9019509642a2375fdac71eebd5bf4

SHA256
6f8f25ec1fac768e03aff2592bcee5b0dafb03495ede05a34540e998ba3862b0

SHA512
28fdf2a3adba3836b811ad6f95454848e3e575a9372b5ce10196da0d095f0bc3aa98a4e7fe7941fd7b7255ce0c38671d9e4cc4d527cf2322c19dbfa43b538e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
97b879b113ba8123d575c9be80d416c6

SHA1
b1927be7a39d00d1b356df147e2ef93db9250746

SHA256
788ddfc05806f24efea3c0732b47bb94e668c833949390bc6247a783eaf3c0d0

SHA512
1a9afbf341e2fec6416eef50213c69edaf0f00716ada50ded6c5f46952311a2c08dcd53ff0348e2a3df8a9cbea76236f3433e37f1f13e1864526c2afab0e0f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6ba4ce1154bf247bfd80050952c3b505

SHA1
4325694e32dc7b45d80f00d6d131f119e1181c16

SHA256
e357cf2d29d6cbdabb67ba43dd8b09a6c04953c8b4ac7b1cb12057493b0403a9

SHA512
1fd7046b29b99036d753917059f58de526b7976c984e3c5d2864bc43eb15041e01e140a0b97682db879f8eecaf56a383b7312c13d3e862c56bdf4be7c7286e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
945cbd397ed8e21345e2f9ec003dbd6c

SHA1
c0b1b49dcad52070db7f7359e54a31ce31e6a6a1

SHA256
e988552dd99ff7c120814cdb65d5225f674cc711cf28a9bfd73ff0841fdb7e35

SHA512
30d13b5207ad59d02483f9c8ac969507da971a51bd6d12880385759b14c99072bdb668f3b771cbdb16de1294d953d05fada3e117e73ba6e717939635fc461446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ad910061bcb06999d81f7bc306d1e36

SHA1
1701309fc400e8b62c3f66f369bb53f97e79425e

SHA256
ec3c5fe3fbefae5b8812eb86a9b6400964e25ecca3b80c0a8537b7d5b421eebb

SHA512
1ce7b17923f6572c19e2d85877c05ec3c3c17128fb1de05a34f656617b99c4e372ce43420dedeb1220a55a11f71e706a11d32305743187cce9275bb325c97c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2c99691ef938845140296f6abfc20116

SHA1
f1778bb0ee890a4ac52dee12ab60a0022195b5c0

SHA256
29a26ecd19da757204e799aa69896048e2bbabf4bf74ca22578a92292d8ddc8a

SHA512
cfa227472585a0ff264a8fcc668cf4c7470bdbe2c88e242c8a95ab5386645aa602d6429022217b22fb15b16ce7d8ec593a7b81f22366e84b79fc0789a4799a70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
268KB

MD5
c5e7070f85294df672fb055035c64793

SHA1
e729f65716635670066e8f2906ea0bf62ffd4610

SHA256
876bcb8bb4983ee02ffb6ed4a43240db322a95d4ae0a4511c464d34369878e6f

SHA512
510863a3eba5d2a5bf0771e4d07dd62a4b480a059d1526d642c97ede18c292bebb87a917b4d1e149f0948c8ea87a9674ec6f18dcf3ba42701f9dcf5ba9b67e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit