hxxps://drive[.]google[.]com/drive/folders/1Sk8kTCVP1TC1AMAXrHaKzNUHSG2y1HSv?usp=drive_link

Resubmissions

21-08-2024 10:53

240821-my78favakf 6

21-08-2024 10:52

240821-myfhesyakq 6

Analysis

max time kernel
299s
max time network
303s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21-08-2024 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1Sk8kTCVP1TC1AMAXrHaKzNUHSG2y1HSv?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com
4	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687112270798567"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
4712	chrome.exe
4712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 4440	3900	chrome.exe	72
PID 3900 wrote to memory of 4440	3900	chrome.exe	72
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3576	3900	chrome.exe	74
PID 3900 wrote to memory of 3448	3900	chrome.exe	75
PID 3900 wrote to memory of 3448	3900	chrome.exe	75
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76
PID 3900 wrote to memory of 4604	3900	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1Sk8kTCVP1TC1AMAXrHaKzNUHSG2y1HSv?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc8b519758,0x7ffc8b519768,0x7ffc8b519778
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3696 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5248 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4704 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4740 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 --field-trial-handle=1844,i,8764184598525697654,9294242600263921312,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
456B

MD5
83c3f0e9911fffd9731ef0f68780ab0e

SHA1
a8159ac0017b0a41239ccae667cc931f56c96c20

SHA256
9671ea10680f6d6801a0f680ba5f8841623afcdb5bebda8af935b3b74fe26348

SHA512
d836612bc2792205adc856e4ebb09d27f30afa125b6b5b049acf68ac4863e6773c50aebe032436a0f3bf273f7c73a1054f03f10adb147fa435d44fa2f44a027e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ab6d780da4546a0f188ca60f6a308d50

SHA1
1cc8e55ce64862162597de0ae99959abd81e4139

SHA256
cc5aff836c5540877a72e6fbfa0e156ed74fc81365f4cc985bca7874d54e94d3

SHA512
eb1e5082bc8da2c092bdd60ab2adc6f65cda50ff9cfa81281dc6ed2e87ddf2b50afd0b12570ed91fb9e2e61fbd8ff72051d3153bca53e8e868e823e82b59fd41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5df2f36e41f8407018e80b9313319723

SHA1
5af6113f345bc51563d4fb66dfd4ece54564a59e

SHA256
d6f4a416e5373733667f496c22bdbe60b3098e246c04b7d4930e2cf92a0b0cdc

SHA512
c77f6dd67c4bbb05c3b96e836a0b877f88f3b856c075fc40a029cbfdae087349b7ea53920fd017afe1273f9e129a82ca85547d86a7188e2cbdc519f131859977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3c1e82aebfbe65fd16549069cd7658f6

SHA1
237fbc91d78f35bc8ca5ac7f8291f4e0dffe4800

SHA256
b13195d33c90fecfda33bc6e2047eca457600fab990c3671a959a49279e4ea21

SHA512
697a6627401e8936a2f6e891f36d8b659c91c597a7899ee47e9a246d4ade67aa3fc7cd73cfa716b99579492572e38a59b1834ae2df2fc2558fc66beeff3379cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cd0a6d2a7597df37ca4f24ce8b98ace5

SHA1
9de5076c9801f8ea55d7ccc7cbebb6ad6adccd9b

SHA256
f3ebeb75347caf63e8c13874ce699fdd6c654e6e67e1ba9f5ec79fa9525174d9

SHA512
5710ec81b4b1689da0d99c56567ca7636e027ef07433ce8dd6bad2cac405c0b75836b62dfa73c92ea6fe898f7072d4a9b0607379e26a87679c32d1a8f29883e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
532B

MD5
2d1e83195bfdd8e8d339d6e2baba3717

SHA1
9225febbd0ee762aa5a3db28bb931cdf9c89f0ce

SHA256
f62bc66d49a0e833006566f3df51935727b137920b8be1400b74030d57967cf0

SHA512
b435e83892177fc5f74a1d356b3fb652663307dd1fdf6c5f7ba8470b702c93270757b64a3fada757ddd5b5665dcb837af3e1639d435e7bad4c9d3fc01758ad38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
534B

MD5
d2940de38ba64d38975ffed258223a71

SHA1
6646122b8f1576c666b9208717dcd649d23dac58

SHA256
58b51f5cea3f054939bdd8cfab557ab9c3de84ca514d780a53d56da162214256

SHA512
4a57a62891048f34fef04c0e63dbc44efee6e211c6758f879e8b73daa163c0e131668ea0b572be4f107954f07f2ebac832f53659d61b4bc37ec8e436c84847d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
643e8ac156be7321a4a75ba1bad87a26

SHA1
5a48528b6627761c5e46fcf675eba621401ddcc6

SHA256
18044855aac6472572e9d8cddff8311a93e9e4d53fc14660d35fcf5e0e96b59c

SHA512
9272924e4090c736c1ddce0b26d5f23d998e15e40ab5d851887a1d7cdc9171c5fdb04501ed273f11ebd84d99fe5a0b0741d3dfe8d17695029469a16c49f528b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3acce73dba2d207ad91d314f45198661

SHA1
b4123f8256a2bf9eb2fa8ffa595588eae8d75457

SHA256
6541c208ce6ab8cb04f7cb43470bcaa00976c7c432d1d30c20f5c48b2030b8d7

SHA512
204496ccb86a9fe4fe4492a6f35ad864a2a628a04712e843c6cbf33ca1dbba4cbc4eb43c4d5e059969fd64ab532d0812720bd53aa17eeffadf11da92413f9993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
71bfa61b5acc399234611d76eb948d49

SHA1
ff7815feac5229f734ebe9e5a6fd3067d4566f69

SHA256
8589313f927a50c2ca44ce1c72a9a1ecaf8b8649557e9462aeb3dcd0203b7bbf

SHA512
7a6f7f994cfdf673151cd31c6ef789be5e639534bd78be9eb5b5b3c7e99107fbdbf50314343b5c1babf383aef1731ac8ebe2b65eae668ed5768b142b63c2af47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
8145a4832f97150e3be0be518dff190d

SHA1
e4d8216404ce04a330635d9874774798f2865015

SHA256
e05ad4e2ff54879adeed37ae457ae2bb60b8fe7d0ead76c92cb7d1a7160205c6

SHA512
e65f1e10d78031e0e36b34bbe77615685dfaea2a1193adbd87d6e89fd6fcfc99b0242cc952fd2c9d56e0826355fe4416d42e600a08a45f01b3f69e33b2c73fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
a8688a03cce092e7378d3862c3d5ea24

SHA1
80b184c99a4af131621fbab695c49794969a3551

SHA256
293403e48550acd8777fd5b3ca6456c9a1f3f0e3c1b248ec1759564749807bbc

SHA512
b56aa43fb98af849758ba81af52ee10156b2b68f143a3596d2f54665c840210f7d2beb703e5ad756c0bddb48b3e6214e179394ea1ad5ba0d4c8283c482ab9193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit