519d3233402cac0e0cd87ecdf9c8108770e075003363927d997bf16e0ef31553

Analysis

max time kernel
95s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08-09-2024 00:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Troll_pad_6969_v1.dll
Size

72KB
MD5

a2a3fa801acab16bdcdb26c0570efe3a
SHA1

06dad20aba11da1b4f53101facfedee2efa010ae
SHA256

519d3233402cac0e0cd87ecdf9c8108770e075003363927d997bf16e0ef31553
SHA512

4491fbd9b1ced4fd23adbdcf835c2b77a09fe7b2834ed0c9497d642f51c0bb9b5d7ffce381f96cfca1ef54c03431c8d0145fef35b5d335dd186db32c658bcbae
SSDEEP

768:W7YV+P6pkzCGSz11Uzdnq7nvjL7c34WYmGCdQZ8pA0BF0K3/DDiwmaBhZPIVOjG9:c2GKz1iz47nv3ejGuV0K3CaZAVOjm

Score

4^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702273344369809"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
3512	MiniSearchHost.exe
3292	osk.exe
3292	osk.exe
3292	osk.exe
3292	osk.exe
3292	osk.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
3292	osk.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
3292	osk.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 1588	4864	chrome.exe	85
PID 4864 wrote to memory of 1588	4864	chrome.exe	85
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 620	4864	chrome.exe	86
PID 4864 wrote to memory of 2904	4864	chrome.exe	87
PID 4864 wrote to memory of 2904	4864	chrome.exe	87
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88
PID 4864 wrote to memory of 1156	4864	chrome.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Troll_pad_6969_v1.dll,#1
1⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce1acc40,0x7ffcce1acc4c,0x7ffcce1acc58
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3596,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4784,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:2
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5084,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3536,i,18297587423254183049,7453284481468882161,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4620

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1220

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2616

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3388

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3436

C:\Windows\System32\ATBroker.exe
C:\Windows\System32\ATBroker.exe /start osk
1⤵
PID:3248
- C:\Windows\System32\osk.exe
  "C:\Windows\System32\osk.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E0
1⤵
PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f3004e9ac38752466d96e486d30362c9

SHA1
e0a971dd4ae15924128d2549a919f84b864dd9f9

SHA256
cb77d1958e1480399cd4b5e13b6e0321fdac96a90cd32cd13e72c9bf40aa4ad0

SHA512
d2cb97e35230c61fcd84c6efed190a3c2400f6cc2e7b2dcca9c735cf2ab511d1001e0b0be9512f23f66547de1b432ffaa84c4da101eec7828fbdd633de197d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
6e0bc18eb0bd8f19717dac4ac4a87312

SHA1
689881ccd6bf6bd834d4a93892bf4c84bbb3eca3

SHA256
b6c830b5ba58453db9702a63a86e5469d2ad2058034cdf53567d3fad46e5ccf7

SHA512
092ee4e34cd6ed5927073bb209a8b2f015227cc1b0eb7d0e8426857f5f9fa52c4ba4c1bfef568ed98c746379406e70aa36f336ef698eb15cd5759d4b2b81a1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
51acd317ce4b9a41ce0f324dcfbde13e

SHA1
339bbc261445063a703a0f74aafcc682db116b8c

SHA256
0f96e7a9c52c859fc9359a6fca7dda2e821059071066593d2bb619c87520a4f8

SHA512
38077c672088fe7e3720db2d9979e2fb2345f83f69d1a86caa04da1578474ef315f7caae80c7f835c5a071d839a20681b2184e91bd42382deae6e178e76c4773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3f917cfed9941c2ffa470d28fd55e9fc

SHA1
7b557aad97797b1ce96cf7b5e0416b25d65064ab

SHA256
e485499d24f5544364eac090465772d3a767a54bb540f031dfe002cb80dcec84

SHA512
acfbfdbc3352b711a7665c7c7d1ed7e56d18b2fc34b8a9c6fa7822041e0fdaa71d49cff74e590dce359cd04ea0c3af553da123e068d752aad079ce52b44b1bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c920c33b6051507876b93a1e2e00969b

SHA1
c4102fbcdd0037f462833aa381c4ec011a7efb1b

SHA256
cf297484ef95ac1bd3e23e27c4b2162b8d5cfd14ab37b12c43984020c9680805

SHA512
7a8492419d95d890ef5e39580d60eaa14ea39725b4c0230e087cea30cdd86c23d154d77d10ba0159e48d455761bda92a439009b05ded38d4462c7ba694c2a13f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
8300b95bf2794b0f4eb67752dd90adb7

SHA1
2110f5b147d2e8f00ea5ea4438138745e52f8dc1

SHA256
c9f6afce22a16d74b943af6a9bfd4078949b4bbc918dd0ca3a508ccfd87bbd0b

SHA512
e238d23ef68323d35cf0da062d6c576ea455c8fcb1cb5aef7eafb3eaae1a7e3d1c8c1da3c2371567231b86a5ccd38b0c28080b2d7371b6c0208358cf05276deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b43a00e12ac1a2cf64b03a3fbf2aaa06

SHA1
89844186e877bb036d91d7001ff5e1373b2d8d97

SHA256
5f241f43ce0522e57d548f7707e2c3d229df3a08820e49b5f28e73668464278e

SHA512
b6760f07c26ee367767726a2640be1b4cd3dfa0c998efbc0a8687a9a9cf8cebaaf02c42bf6d7df4cf7b4e64fbe4c6c47a696bef68065fba0688c0aef0bc64ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cc41277a1a1e5f33e305c76203adf40

SHA1
c627c2c6972823cbb5f6c0a2d7f1ab890715cb66

SHA256
bb5ccd805a792fee7c2da868592bfd86b008123d3611b3002b1273d197e1e968

SHA512
05ff442c9e2eb2f61d09e4055d11005c6597c63086cde07a9ebcf9935f015b16b4561e4cd29f612f6c67cb599153649c3eb39f8361cab07850c6073b83916b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2536fdf9580a816dc50566b7cc012790

SHA1
ddf170c52a1baf2a846a6d69e9afb45199c24891

SHA256
6e6f5fc254e6ddbfd2c226021bf03449cb5cd2b98bc0212e48c68d05c38c1da5

SHA512
45e7ea9d4117b18554c63e7bb83c47adee7486366984af298739636e3738ca51c73f2b1fb91bb3f017a3292ce418f51097eeea600a2b10b245e523601dd0fd95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ca358cef5497af1b3195c767f367076

SHA1
fccf3a8408e87a5e8f077d1eff58f45327361244

SHA256
7190902cfff8614a713a9032f62aebed809dcd3ccc9e093e5dd00d5d69534ba3

SHA512
97debf5fad8cbae253c0aebba67b485ac250e22a2e73304d667a0a468d606b00d169855a13405bccba85625b841f6ba68368a3354756c9c2b5766af6ff536f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b90982144bf4328a4c1a5a5af4748fc

SHA1
0e96d05772195f573ab383c90b8a75cc56f37642

SHA256
e891a5d642590889fa732b768b955cc396a7863acd3d5c643d257e090b2369d4

SHA512
997f42d5182977832785136656f7ae825cefd373a614a537414744168771336e93a58b439b2f28a4fc25d82da7739e5ab69a4f74a7325fbcdec7a51015035cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69cfd559d39bf9985cd9e21c191bc67e

SHA1
ced2511427c1b2e637fa296f579555b2812b2a50

SHA256
2491e8223775eef385f85d2be41ae411b1c2e1adcb44d8de800361f960cbfd58

SHA512
de03bb01564954adc65567fde48637af56dcc42b64eca0e560f0cd4c25bb9fbd3532c7ebdd4d1c438e86b960495ecbe9ec651b23172dcab6b0848b60c66cb3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5043c9ec1a0b593d3739026fad5a6e58

SHA1
da80006823262fa23c0705b2061a1d16b3b8caa3

SHA256
06a329464f56c2b370f75d1e48e1a69dfccdd341e0be42e383ead1a731099d6b

SHA512
50009edc5ed17f23386540b3d6d4a06ac0225280b3876b93e75ab638b7b331477a097b7c09c07d6a9104e6694af1d4cf925edbd987281c46849475ef45efecae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
163e1101ca74b624037626b4b7698a3d

SHA1
203e07c9593b9830155900d1675d74a40c6ba051

SHA256
eb0efd604e5215bdbf1243933576ecaf44dd3b6b3ca6832996e98eec9983a2af

SHA512
3661610e1f81625179e4cd6bc0d209fb565de18be086c61694706c7bc236937760b3acdc10edfa042d4e94cf3e589110bd7a6cd1281a555651658ae8fb58d81a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
ed2e68f01241e169a18cea910aaa18b1

SHA1
4ded64f9f80acfe289d08e0842c753b978c0288d

SHA256
aba32a4afdd54bf7b0e683c4f474d0cf9d8a3902f3ad791a2970443b488a7214

SHA512
92ffa698b9b5ce8371978daafb8abf496ad159f9dac850261641be2a00867d37dcd2843c3a532ba8158c71cb1829200369edab98b7dd7e20ef8570677457ce4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
74cb53c80120db1607c3ee9651b86aac

SHA1
55957981638b38da94c808289a3a2ca0f2e48152

SHA256
f6993c0ea1703df801c573b18c378944919a8117e39957b491ddd961def708c6

SHA512
628787528a8092719e6a8ed4bd5dd94a225fe7336aa37d3365a70e8487ab6b2ec88a909b8be1de22153dda22b8cce42cc37c1f881d713b0a1e57cec871569953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
c7ff7335b3ca1ce79276e3499056b63d

SHA1
924d4b0b75c6cb29222bc088efb7a1aa2fecfb3a

SHA256
e62e4064aa86fe02750aa2c01a5037ed694f2b0edf74c0a7ba2f704a4bbe2ad3

SHA512
66b2e9bec81c2eced1c12a0d83d2fb8e2fb82fac5f8c8db700b0f9f4f0fe8d3a8276ac14fcd0d52ba8a6ac49bc0b4d38beeca708595e3b0beaba965f4f3fa532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
12149df687604b1011f9753c9b85b66d

SHA1
479c595cf7ef6cf5e055ff84b37a288eaa7edcc4

SHA256
ca39e7e9621cabeefd1f6db28739e929c689bdeb6df8bc7909aae8fd73d5708d

SHA512
eee8236a16207970eea57c910d9f48ac5044b5e567537a05a4f1a6159564314b66dcee3e615592827c9068178e6b325f679da837a1833ef81f03f6d5fe16a024

Download Submit