4d767651c0fa74db79138f74db98df69a435d5c1683f9f6114656600502ca0b0

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29-08-2024 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ServerSideCmds.pak
Size

3.4MB
MD5

5964223b2b13db4dce477b677ee394b4
SHA1

ebc59195fd2121b7d476921905f04655d6ca089c
SHA256

404b66b2d4a919aaf251c2b07505131d34e309a2d15d21de3ff738b9c2de4fed
SHA512

7030b14deaa75e54e6baed9585e65f52991a378d50ea818e06eff43ba701c05ef2c1b8065b3541ab05e793f23214666cba14246cf0f5646a3293cda9dd73c32d
SSDEEP

98304:nou/13h4wQ9XwPgcYtIIDGOPkepe7es99oaXIkLY:nbkwmXzcAFKOcaeH9SJkL

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693846415627746"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe
3380	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe
Token: SeShutdownPrivilege	3512	chrome.exe
Token: SeCreatePagefilePrivilege	3512	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4824	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 4840	3512	chrome.exe	88
PID 3512 wrote to memory of 4840	3512	chrome.exe	88
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 1992	3512	chrome.exe	89
PID 3512 wrote to memory of 4680	3512	chrome.exe	90
PID 3512 wrote to memory of 4680	3512	chrome.exe	90
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91
PID 3512 wrote to memory of 2688	3512	chrome.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ServerSideCmds.pak
1⤵
- Modifies registry class
PID:2872

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80b89cc40,0x7ff80b89cc4c,0x7ff80b89cc58
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3656,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4564,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4776,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4936,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4528,i,11422534733116477111,7892073817601737092,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3628

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1764

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e0f763e9bb1c3fca38af7c1a02371453

SHA1
0dc3bf0d6f3b414010fb04e2146f2a150c762882

SHA256
7eeb18f7afeddfe909126088b600454dc2b0909e1f494aee625c6e11291acdb4

SHA512
64a5f4718d1bac4c1a0524d2714433aae58d664588727b0b7ad7396dab8d797ee9ed1c442a92f22c3e5c4a697d1ed7634dfed6a24e6498d682f5dad301a0256e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ced28e8119763d06fa651d45930771bb

SHA1
dfc9c4c75043769f38b57644063feddde3902949

SHA256
05c401a8a3c6ea6c60875303aa2e7edeff3cfad1534545653642322e9a32108f

SHA512
b8f4e029ccf615b0599f62be9722a8abadb724a1598d2dada7fee446b2a73272df20e5ede719b93fb7314017722f4403350a2a2dd446663e4a1aa8c4ee6bd3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
91b4446a3141acb44d6ea6311608cb64

SHA1
055fe7ab62345aab4c7c08929cecb271b80c0636

SHA256
a45242e7d1061837ecbd175e8fb7f05a5b7b57ee42b97f3045b973614baa3a4f

SHA512
da74750d9b6bd50cffc8d558aa22e84e66a0601b0a25a1211b5c5c4665deeaec2ab90f1d3f842ea6774eec6271105b6d4434e3b67934d77c6ad969777b69fa92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2d1e3cc8a3b062f719dfe17fc5673ba1

SHA1
05fc84bd6bbeec350f8a0a652a180492bc55e5bc

SHA256
bce9263c10095b2a96eb154cd31ccdafb0e37f740b248fedfe1828a3e13f0c8c

SHA512
f2ecc481895e77e6d99906a2e7bb4bc4766306a40486450b2e59d8b109e1edddd1c71db8211b4df0ad593ecf1debe80096aaaf6c093f47c343c993da2548e392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d75ffbc249bef997aa42db9a17be6058

SHA1
47ead51c9a126fbfebcc4303d813ff56e2cd15ec

SHA256
73c761197bf7ddb12052710f192a110bfa088c0d2d446171e7bab893a739fa5e

SHA512
3fcc43e73b710ee1c370b668cf9831e32ce29db20ffc0dedff453342d87ed129d81353211a7a9e0453809640cdedbf76025842b08e1526be2f2f89ac0f84b08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e47f8a6b4866abfee5b909ffdf5acf2f

SHA1
1b14a7d65e0eb5f4758574a2df08c8f4b262f438

SHA256
549ba961864fa3b21716e66a0bebfea89ecb91e9460a2ba8d2f09c9d25b915b2

SHA512
206011595b88658e522a7abf754a95dfed3f0ea35df675ae0df7c1580e78479e4516b730542fd32fa0d4380f292b4fa430ef3c001070325fc9aff20f65cc00c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
171a9709bbc0b45bd42e7260d4850117

SHA1
7914bf2fd62d33d99bbec135dfa78666adbb4c1f

SHA256
b2c983f364f1e4ada8faf9a229bc728a4b3693bca539951b2cdc3a585251cc0e

SHA512
e700f042dba32da068c41c3978c16e17f516e494cd9609872523ca7d3aa956aaa960abff1584851dfdc692d4e4f1d5383a1291a02ffd60e363a885860d984fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
ff95868970d3a9f0644203ef3b72119c

SHA1
d9943f6d96d2b425d4457fb685a735f751c06f37

SHA256
1f784ca1d316db3c7b77afe39d78480b6f0f3a381aed83b99f03f93ec335ed27

SHA512
54203e0f553a47b071e3adf6954b758e86224adbb4a60b85e36ad99f7954eee9c65a17801a5b7d0ef187e88c415ff467d0967b5512e59c6a8820a7b04ff84c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
bac3436ec9fd160fd459670e321e40f2

SHA1
33f060d5dd46057d34d816d632eb7bc928118d77

SHA256
d6aae3282313ab8dcfd5495a047254a4e8c5950f705452c82ee66fccc99fc033

SHA512
e8a2bdac2e6437486472dc326ce86d71978ba4c5758edb232eead4633ad0088cac09c1232245344e4b479a69f658b92bf8819e66ca2046b28eb414de6f08c087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f4649cc9-6256-4f43-b2f8-4341f17cd58c.tmp

Filesize
202KB

MD5
d4151cd19934724a818d3befef671aa6

SHA1
99758f2bebadb4ab2100bc9e7c9b4b2983c26aff

SHA256
3919699e00dc9e0ef5b6216be2dfb3f8eafa6d39a0fe5598b73e0581d6d090dd

SHA512
423af169c79cae86e40325bfe38f5d5d9f548b74aa447def526d4f0fa17f18ccf81b5bfe67e66be48fb257275339d4c6e40d52a01043e7ff4f75f28f82fdf741

Download Submit