hxxps://malshare[.]com/sample[.]php?action=detail&hash=af9370395d6dde90b045c1e0f8a2e212

Analysis

max time kernel
300s
max time network
298s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
17/08/2024, 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://malshare.com/sample.php?action=detail&hash=af9370395d6dde90b045c1e0f8a2e212

Score

6^/10

discovery

Malware Config

Signatures

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683721561362728"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
3856	chrome.exe
3856	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 1444	2840	chrome.exe	71
PID 2840 wrote to memory of 1444	2840	chrome.exe	71
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 3592	2840	chrome.exe	73
PID 2840 wrote to memory of 2276	2840	chrome.exe	74
PID 2840 wrote to memory of 2276	2840	chrome.exe	74
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75
PID 2840 wrote to memory of 4356	2840	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://malshare.com/sample.php?action=detail&hash=af9370395d6dde90b045c1e0f8a2e212
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff25ea9758,0x7fff25ea9768,0x7fff25ea9778
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:2
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4628 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:8
  2⤵
  PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3008 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5676 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4588 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4472 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1848,i,17893491922887786866,18423807315579277636,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
a195adcce146d031753e4ef38af6a16f

SHA1
9a7d61ff9a1ed82c666b999e1df6c5b86a263c51

SHA256
fc3e6bfa493c1868db5afc92661227ff9cdd71649d46a226cfeb18dbcc23af04

SHA512
b4abb1632a083241ef62651e4cda0a592c5e85e04f5e2b37293e5b23025a54845d7d242f81576f8f7f6ce83ddc95e13f70bd9b8dae4924e5337a2cf37f8c7a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
da871f3c8f296fceb6ada6a585942f5a

SHA1
62f55034b83ca21b87ec0f841ad45700af4a0553

SHA256
04a6dc04b5e83ac29b32c27f90d5b825f953739dd90c8d826567b044a4ff812b

SHA512
c3ff74a15f78851aa2dee5ee0f594c4e83f5570212afdc4f2ca3acccf70863bc211c0531d2eb99ef2e1970e2faa8090779c76d92a6304ad81d5979b5d5656cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
60e5285736cf50e91fb26498a4367dcf

SHA1
86bc8c45eed32d6a00586199785feb1ba761bc11

SHA256
3cd3d0a1edb957c9e8399cc92a9b7568d8cd89aa5d4b058c5bcf23d60e97705b

SHA512
a698b5bad218c8d499efefe6e8d551401bd9d4f0dea49f94c4e7f1b0e03dda3c69d91fba9db590b4325d89c7a0a066ae9d69d8453b468b3b0c1bfc44605daffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9747a5f9a6434a71fa6a8d3c72c52b6e

SHA1
f3d65fd3018ece8d4097b5799b330824c22c5919

SHA256
15a180a1ee2692d50b7f57b7b6407b6105c0955e5b116b24a37857fc0180f4c9

SHA512
6a3c05db6f0f223f5e876699eb43036fce8354b5a8ada0456c5be911dfc413f8bc04c761b8f03db03d2603e15ab28970f1d314824db98f69c807189783365f6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
873B

MD5
3340015304ab6aeda1fe4a7828cfd706

SHA1
82da7e763379ac99a8761055b7ad4194e7b6946f

SHA256
a279c55fb06afc2033c48fbd6ab3013ceae3c3284f48ef7c8b2b2808963cbbab

SHA512
5f236d306f8ac1bac76487c4b9826f5b994eff2398b6d6a5161f219f711f9549f17c75308eb1a309005466e0e6694a79b560df730734ca0362d221f64acf13b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
5ff7e3e0afa1ab9540d3f855d4ca50ae

SHA1
ac0af267c393b0ca74e3f4789777f34fed15ae8d

SHA256
97a1cdae5d1d6c8f412c7df4e61cb8fc04f293f4a3e01998daefd622da8a068c

SHA512
7953aacde37b384ffb0a276cc217a7194e7563bed86bf96ec48f225173b54a3c11d281063287130dadf0c8b9863203642f33c92fb4d4e6767d56f591e057a824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6177b8ca39e26ec60c74995b8b0895cd

SHA1
16d5895ba8a0c636c01b485ab15a49317deb97d2

SHA256
a25cbbd2faedea01ddc74a23b08a393ea72484a637d15586feff145ff929d7b3

SHA512
5e5ca54ca3103efaa774251add2b457cc9b7dbe2d16dd3772887ed608ac34a3f89b1332f1d651f5f3c47e0fce57f507658899b7941d93805f339c581eb70bde6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2109615e98d896da43913e79f40c9aed

SHA1
02f24bdf23594e3683f7f4153e15bfea98404e67

SHA256
99fe84fba4a42f5728a2942f12cf1df9d029fd4e16f8ca0196de6ba79a4af0f3

SHA512
a020c434ea457913b0893a77dae1fcb3db8438eed2a9cebbc04c76710229cd1c89d8ae3dd6ff168e1245342a573bcc7cd4bbd2cf7062a6f73e8a0680c771639d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
912eac05827012344fe4bb7916da80ba

SHA1
4b32ce53485a9af079b4af26cbcb75e81ac6dfb8

SHA256
ccc7af854dc74aa5d91fc975e6980a81c62d21cbc0944e5659e3279c8f709d01

SHA512
b3da20f3035eea2c08c0a1a9e249eb23d1df17d0156dcd1e2a511097e1a2756d89f761a78544fa356ed1620b61c2ba3d73071f2ffabfeb09d1859031e8cf55d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ee8352972fdc6b8fdd2848a8759c9d94

SHA1
c468b19913375972a9343a03fe06df7acbf9867f

SHA256
09b05b57c470128a887cc3f6e43b625946b1374964a61a5afa616a4b9ac80d7a

SHA512
4d998db9d860359c20754f12c8fdd9e37a1e9c093ec80b5db5322bfffb942100817e16471a2c742720ccf6d1363545ffd4fe5e4b33776960b49c7be9482e22c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0568d32147a599b1966f8862ba159cb7

SHA1
f166c9f699d3f25a5386e36bc661a04460fb813c

SHA256
df65a6b08f193663d54e6781f85029bcb419d8fd87b278a2cc17abce63a7bca4

SHA512
b1bdb0c2afaf5b2e2918e036354b8c77edff693528e376100a78251746c9a5b3a69b8f9f0cc0d2e733869496ce0d563556e5da5c4bbffc5b92844cabdbbe9bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
073756a4c17161b3947efcaa0432ead2

SHA1
3d1f076255d6dd4a91dbb7dd0e4070dff9c8767a

SHA256
b9530a6d94c750956f7145cb6fc69fcece2a60775df9b751785e42b775c0c99b

SHA512
cb53655b98866d2fabfe4053b4196bdcdbd1652e0a040a37cd992b420ffbc226d73eadb1593746b1a94b2b07c868a081bbfe3e42da91f7b8a691908f548980ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
afd27c333593f2e603fab480c63a6cc6

SHA1
f4a1e7cc77b00208f494b22c24c57b6bfe1c2cd4

SHA256
d558ac00e7ce2650bbf2a6f8c18501f004bdb643afec7f4b83f52299feff3a06

SHA512
12e5a92c6d3686f59b70d462860b5365ba998810ed39547977b0a9d8a6bafbc4a49f42ecb80224e78985b1cde992bcd672b5d2331f5ef697c279d5fe1f33d87e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
ace0d56b03f43418d12e395cb15bc16b

SHA1
fee957cba8c55d471179089fab3f41822363555d

SHA256
2ef6f19f8f4a6e5f005697aecdaa0f6ae42a64cddb5f451339bd2697d93e5e5b

SHA512
338c7841fac2e44eb265e103ec713c49df9dd91444a2ac66835ebf3e063aa0dfde41896f2f297dc21a4bcd738467c3799946a0bbb6565a7bb027c32a7aa9f41d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
631f352608599817dd8b6cfcc743a011

SHA1
14700b8906cc4a7f4dd04540de1deddd6f3b47ca

SHA256
37742742b568337b7c65dc6fbf589d026802b2940880aa0b3682c2dac636540b

SHA512
3a7e0798a1bb9de24e368897b57d143105592dac7befa5408c7628e7c3082203714fdf534e5f31a233fadee3e1bc50dfba7c927c55527b4f0142e57722f83382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
214KB

MD5
dad8984ad97e2a25f765a821f63f4fac

SHA1
4bf635b6ad1f7ad1cd1d6b2e40500576812a0971

SHA256
37370a47f0a466e47763a96376c2a2900c1c279c4706ea44c13c2b1ba9ec1fd8

SHA512
2c6a76984ec88e80ac0463f551ff831fac1a5a8fddba4d3482f8a156e364cf7b70871d434d77aae380b980021aeb8652bd029d9e3e497f5eb67f193ac5742097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
09de6db1d487093a5a447e451d3c9195

SHA1
6eb918775584bfc6b211509d3b6f07ce50bddb59

SHA256
74c1565987f781f860e1e9e61bb0b5ec6329d2c6a549fb666353df3a90a70ce6

SHA512
87607279ffa896e346af150f39315200daf60fa30c653ae41c9402b16261a3b94d121baa0562d8bd647ba48d1a87ec9e855287e250c147312d3d341f2c822aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit