1aaf139d28aebec2bd164929be934433b8097a6729352a9c51ba52714aacb691

Resubmissions

25/08/2024, 10:12

240825-l8vvesyeke 3

25/08/2024, 10:07

240825-l5r95aycpa 3

Analysis

max time kernel
282s
max time network
589s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The Henry Stickmin Collection.zip
Size

421.0MB
MD5

819178c3fb973d848c58d77c7d78c8c9
SHA1

2e6baf86d06b9a0d1cee2581bc78d435c79a64a4
SHA256

1aaf139d28aebec2bd164929be934433b8097a6729352a9c51ba52714aacb691
SHA512

73ab23a4924309d0edc7165f4eed72380d8532ed87d7d88115c468767d9e26bd49b698e5f19172d343fa80e813215a185af3638966b31b928652549ef87c11e7
SSDEEP

12582912:ubxO1egvWqp5Y5IzSyZGbXGq/ZxjcsRZXO3Gu+UcvpaF:ExTgOqpSS8b//ZxjcoZXO3FbchaF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: 33	2656	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2656	AUDIODG.EXE
Token: 33	2656	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2656	AUDIODG.EXE
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe
Token: SeShutdownPrivilege	1692	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe
1692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2544	1692	chrome.exe	32
PID 1692 wrote to memory of 2544	1692	chrome.exe	32
PID 1692 wrote to memory of 2544	1692	chrome.exe	32
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 1280	1692	chrome.exe	34
PID 1692 wrote to memory of 2616	1692	chrome.exe	35
PID 1692 wrote to memory of 2616	1692	chrome.exe	35
PID 1692 wrote to memory of 2616	1692	chrome.exe	35
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36
PID 1692 wrote to memory of 2776	1692	chrome.exe	36

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\The Henry Stickmin Collection.zip"
1⤵
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7229758,0x7fef7229768,0x7fef7229778
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1372,i,15642909195023077737,3877593223046264052,131072 /prefetch:2
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1372,i,15642909195023077737,3877593223046264052,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1372,i,15642909195023077737,3877593223046264052,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2080 --field-trial-handle=1372,i,15642909195023077737,3877593223046264052,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1372,i,15642909195023077737,3877593223046264052,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1604 --field-trial-handle=1372,i,15642909195023077737,3877593223046264052,131072 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3172 --field-trial-handle=1372,i,15642909195023077737,3877593223046264052,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3604 --field-trial-handle=1372,i,15642909195023077737,3877593223046264052,131072 /prefetch:8
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3700 --field-trial-handle=1372,i,15642909195023077737,3877593223046264052,131072 /prefetch:1
  2⤵
  PID:1520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1980

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7229758,0x7fef7229768,0x7fef7229778
  2⤵
  PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
51b3f2696f2411664a3530ccc1b78570

SHA1
71a56319bbe5a4cc81c9002a32622ecee1539785

SHA256
450844e776ba0af5dcda1885d25fef8f269f1ee79c51e9b42c691a706d8846a9

SHA512
d166c48bea335ef71e9b397c4254d6f129b96703866d19ee380f9967fa93013b4cfcf3e55f70af73debda99a340704d73f1864c71e33681385ed069b7fe691ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c3b47805683890627765db36809457fa

SHA1
5e457894060d47db94ef4b1f6d08928009dc4c42

SHA256
caae3e35793642f21a655f05c58468b17574d1aee0a807ad6cf465215fb32a2e

SHA512
753bf1fe11b2759d7995a5eb5f606e2ae15ff914ecc9623a129c9d7f83be49971e083b4ada91a00081cd7943cff19c2166ee6466cafb936daa7e011167633929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
64cadfada7e0111f2b61a6bfa56c5d04

SHA1
25fefda7d1652a0bef3f97dc91b38713d7dbdb0f

SHA256
0b3f4989dc319049903aa733d5d253448678b52775fb9f7a3584e610e3df972a

SHA512
b4b18ab9d022ffa6f75f3f69e77647a649c209fa33ce66176023130d4e016fe0d35e2c24c9c20d1506adbf4d279945765a9997e577e7c0bbbf0436ef4c0e3453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
875b4b2385f5b9e66d759b001fcf5ce6

SHA1
ebcd741f845470af109c0ed39108e8dc5af97ced

SHA256
4dcc1916000f1ec70d3666ebf3aab7a954ae92f1ab708cd64a19a5eb05644cc2

SHA512
9447210db5c6b6e1c1e7e0a666acd6d085b4480e59f232902e4ea614068fb606616cc17c700f5cf77c6f50ae81ff3a76a936daf0f81d4e808088d3ab4a62e492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f3d8116798831f90b4a39acaa2c9d0c2

SHA1
a409933c24363050e7fd0b18b7bd96b8c445c815

SHA256
bd329c8fb16751b83c8b6fff52213479d766a8b7d4aa14a6cadfa0b7d3d05387

SHA512
7e5d13b7bd8af33a02f1d0f8f58d09bd593e4e432ab2c4270747378a4a2925340edc4e6c08dcc63079cb5c225bc118ac3123f70c6f9c493b53d0244e5d5e62e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ee98c1053cf4346f27953d04316f307f

SHA1
c5312da5cf10d87e9145f4286be4754d2d676db7

SHA256
5e807a43507a1fa8abfc1c14dff4c5506806ffa561e6fb757740d89b0300d19f

SHA512
c030354e78bfddff64aefe021a3373316f398fad6876c893a987dd0adbdedba64fd7697d8a26eff86949b97321f0bcab9dd2a651a5bf9ad398e7a05c6f5093f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6e2777311ae7d42411daa659ed8f1a6b

SHA1
c0e1676720305299f7f6c8e68f7a996e4bae7e77

SHA256
01b1e95c525aefa699cd071a07fe9efb5bd72b201be9253b7b179f0ed9b40e7b

SHA512
14f04cbe3060c63e064f9da829f6c534b5b895de06f3f9ff5194c92ece622a39ca368323b301be6bd0df2e676ca013980f874f8b90205e728c0cb1b264c141a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
692241766375f2e47232018f64c3dc79

SHA1
8bf3b4384f4963c90f54aa711317cc62789b858f

SHA256
b85904e008e6e5f2ac908d7b83f435c94b5a03d0cc729889ba49ab6aeb71e09b

SHA512
1d481b5a460e3198a5763c468d46bc4221d9e9bae331e1023a6516256973989ba4881343deffc14d13f70604863bf0510f24a7f03eee0648bbeb746faed71a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
30a05cc52b2639e38fd8fcfe5cc8da60

SHA1
fd013b0f4ca3bc1af35c663f2e727b8d3ed8ff3c

SHA256
a81615c952bc5ab5153e0286146362eb964700b5a2a8a6b62cb1aaf20ae4c6f0

SHA512
4c7c2e1c7323ab4009bf5024c492242fadeaed9fb3fedb470ba3be092b6a62ad2e5beb012af9ac49831684975d61c5131fa7a6ab874e8b473fad4937625d8684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
314KB

MD5
bbe9402e8d03c1c825817d7e64ab975c

SHA1
5bb9a6209db0b451ad368f160d0edce2d0bac7db

SHA256
10f63fd2cfc7a8b908eea677ad161c839f9f8948c5fd9b25b2dd805d1f785594

SHA512
8dc5761423f81d2b273be6a7b2fec976077b84790a61f9d78b78317c1a29cddc29e6dd6c1061427ebcb15420e281278eaa90bbe516f2192e63567a13ebdc6cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
314KB

MD5
87f12b6a621286d74a30ed6d73881c8a

SHA1
39ee2969f41a958d336bfbdeb730b67b02cbc7f9

SHA256
7ef82e9f7f713d47f0cf189b0b49146a721e70e0869ae819203566d2bff46fd9

SHA512
dbc4416632a465347a19231bd8700330020e796fa0bae76befc4aa51601c92841850e68c3e2540909f8c8a4d49f841e0d359cf9c3470ff1a71d13aa9bde44286

Download Submit