hxxps://drive[.]google[.]com/file/d/1tbyv7tpqN0ha2yv7KUIqF8_c9E83rS-G/view?usp=drivesdk

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11-09-2024 07:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1tbyv7tpqN0ha2yv7KUIqF8_c9E83rS-G/view?usp=drivesdk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
88	drive.google.com
6	drive.google.com
8	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133705142405257497"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4884	chrome.exe
4884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: 33	1576	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1576	AUDIODG.EXE
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe
Token: SeShutdownPrivilege	4884	chrome.exe
Token: SeCreatePagefilePrivilege	4884	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe
4884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 1716	4884	chrome.exe	83
PID 4884 wrote to memory of 1716	4884	chrome.exe	83
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 3968	4884	chrome.exe	84
PID 4884 wrote to memory of 1500	4884	chrome.exe	85
PID 4884 wrote to memory of 1500	4884	chrome.exe	85
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86
PID 4884 wrote to memory of 3344	4884	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1tbyv7tpqN0ha2yv7KUIqF8_c9E83rS-G/view?usp=drivesdk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc820dcc40,0x7ffc820dcc4c,0x7ffc820dcc58
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,8126434955627771975,17667860969758667027,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,8126434955627771975,17667860969758667027,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,8126434955627771975,17667860969758667027,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,8126434955627771975,17667860969758667027,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,8126434955627771975,17667860969758667027,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,8126434955627771975,17667860969758667027,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4512,i,8126434955627771975,17667860969758667027,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4696,i,8126434955627771975,17667860969758667027,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5320,i,8126434955627771975,17667860969758667027,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:804

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2968

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\493597f7-dac0-4f3b-81c5-4737878013e5.tmp

Filesize
9KB

MD5
7c9a36015bfa356d8ff98d50014d3f03

SHA1
9c5796982ab87c5c0ec26aef2c2803d85164ca75

SHA256
48550462048b9df6319885f79e5df241e391773bb2ec6e1f054eb0053529384f

SHA512
34773a263bde86fad73cedf461a353e9478c435d862276f7307d40e523a3906d9a57ce85f3c7a7c450666b6230c389f5b3abb162f2cf333efb1dbb7f27efa1f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5ad089f215b40752abd364604dc5391a

SHA1
e85da6f12e3353df06e97aed712a89f3636e40c3

SHA256
eb8ce88d8676592e1cb26cd0a17207c41f3408a2e2c6cf5068e21e057faef0bb

SHA512
e0a3b5b337ee0a3101aff2ea259e4bddf0e7f5b9c48a92a75630a7f3f414baa9cdf70b7b8e017d013a855c2bcfca419554fa257c83e868492bdee5af5332ddb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
833e82cb79f8c57e165519abeccd9927

SHA1
477455504810f711127b6f24ec75bf9fca78aee5

SHA256
9cd17bd1dec7c94771770e752a57c461ac93aabdebea3c4ac6947cadb2718046

SHA512
53f5d146cd0a711a74135c9bdcaf55018e6eec5b0d719c1f04ab05c6c0b054b759f91de9964570bfa4655eccd87c1c166df7d9f8e9358d2c098bf693071d6dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
97cff02de3ccf5b5029dd6a547bf128f

SHA1
45334cc709b5b4d43fa821ee1ae45ac58324c943

SHA256
94943f4cb93f29d3377133a9b3098f3e783c088c35a34e5133e3e5cf2207ade6

SHA512
3622b55da562808aaa37301019a4f94880ca3e537390e6408b4ad31a0118dd80f730674d4c777556be73d79571a13be4d7f494449ad2658828f86ec80854a65e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d1a45cc3e03bba4edc0bbd05055be555

SHA1
48408c12b473b0785bb8852d396cada6f6a7469a

SHA256
459eb8e2a0d825df9311ee27339a286845547696fed46fe80216d6954ba8d59b

SHA512
ad8006d574c503f13b4eb2beb9fe508ab61c206921f68506397cc5e3dc63bb9be5e7eafd27aa31c746fbaa052aaaa5d322ab5719b202353c2935d57357eb5d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
1fe39e274879de10a1ef1e7f5af94d5c

SHA1
98101b6aa7804bdc6430b2a77cd51b9c5feb4072

SHA256
c2518799ba5ee0e53c3f82039b3d665c47a409ea517c0b4292c748bd17ae8446

SHA512
4b4be61ba480a10b662f1ea53a873bf47a0a20b5cba9c8d448ccdff1ab4a997830cb9b8a5265112f84efc75e79af6b9be570b896e595ce01620caaa64ee07dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
2141ebf002453f21fbf1a3ae6b39ef4d

SHA1
c7998fbf4a1828a0b4437d7a50c7ff0c33a6de3a

SHA256
4af7febfd956d27ae9fc67796a1c0d866de94858890a89945fb1ef8d2586596d

SHA512
87cf547dd5aef6d207ff9e29e09ca820da316b7b82af9b4fb58fa11301ef303b2712c73bbe06dd422ec98be93d66b779028d75a845d2585235ee1741a621f335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca2c47ca4eb2971636dbabb897f403ef

SHA1
7535df98da94d8306a8cee343baacef1fb65c285

SHA256
9f8d6f84c53214689a20737d64d18c0eb32911cd36ae45d97ac76dd9009cecac

SHA512
51a5dadb2cfbd98d82ab1b9a85011c7d6ff004fc80e084222bde35de1fd1d259e7055e8c631d55014d9c093c700116bf11ba1fc905bed93b471915bca12f4b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20469aab30ffe51e8bf84e23ebb5de0f

SHA1
f9b97a01a85697f10ac84a55302daf7ea6271e95

SHA256
5333155c504bc864cac9f564622c25b60681b67730f68062f28459479b8c40d5

SHA512
26edf2e6c8859b5ea27f4e29831adbe0ec316e4a0353c9022cc6f2b7d883ed756740ac5cf41482ff06f3dc9568b86f2f44f46472c8cdeaa2eeba0335e68d9e52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0dba4245499e000585b86a3f604e58ae

SHA1
d6b4f4eb23f9f4bdf9635bd84ed835480f780de2

SHA256
c63668c10534b70be9db3a0aad43f62e97de9d1a4fc5e88bb3a962fa95b61676

SHA512
6c95d46a1446a5659fa89f647b16e79187793d0a2eb4cc71edd63d8a94d2271ba10c0c22db8ce587bf9bbd21a51b6e36b1d67315d986831314ff7bd9fc20035a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6698f9b216fdea3fec33475f7093184e

SHA1
ed666e89855fac77143860b61829b6147e4e2257

SHA256
0ff308acfd48a023b2f4848844328767e664194b6bb73be4a1ac887936350376

SHA512
cd5912a2d3184dfacb5bb0bf15c3e37f2c3c73b33ddc894760aeef6377216885e38a4332d5215f1f7de2b837049fcfb502faca614daaa37d6334fe4c12007ce4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
514a00c355c919ce29276387219a2827

SHA1
31365d866339a569a69a675f8b1d054ddbb93526

SHA256
0a06de95e7fe8ca9d9afb692831b955fc6ce0f4a442dceb9cd5f24ded6e98420

SHA512
a60fec2e18963e859a664b5caa3a6675426d413701e15e0b4c21bbff39d1aa427f38503416eec707a8d141d98b9a6798ad6254ffafe220231e5e62ed3b1cd518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cddb705d54bc024ac822b9a0539b57f7

SHA1
5632d4477115564f52a15a80a9344dae6ea682cf

SHA256
211afc224be6f55144cc80011b7e4fb2f7831c5fc79f239072275c613314124f

SHA512
8e199d632eb1c055dcc411f6d87b67294a551ab36531905cb5fba26a1e7e574ff6920e05a28608a31bdb7ee15b8f5d9524c40a77c606ca7ff3d46a16b3e22c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
90B

MD5
e27be7852bd2419f1bf32a34a1dd3787

SHA1
4183f695e225b322cded5e11795022ea9098ce18

SHA256
45d35c262c222f03c368d3d93ddbe4fd9dede1544ab2e3a50940427472767004

SHA512
ec672fe201dae616c6816a20a41baf34a879939f87f965296e7494e29421ec08618eae20936da7d3fee12a47e8901da15eff0c098b1d2484bddd4f082f50c35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe579c21.TMP

Filesize
154B

MD5
4f033a85f7cd04c6538a1af32a4e8893

SHA1
a6ebdd0a32e227110adacd15aaef7d648eeb4e69

SHA256
603f954d053502af43fa5121d58e4fd1e00aa19fa1d27d25911f43aa5cac2f8c

SHA512
cf883092262604d5edc634214766ad4404cfbc92ddf1b8f8ee9f9c04e70d6494b1079eb19a1fdf6de1dfe46458420ecc6c5694264e71e62069755dfd965853e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1def3ce96ab441b8a2b7e4e60e9398ec

SHA1
a04e02b32767c6fdc971891c9a08c3aa57732787

SHA256
dcf9b7d30ac0905c9b14783e47fc4e6555564f92cc8f424b990e7be135c050ac

SHA512
bb56f1c7411f69be35a53cbbd355aafb1f199941c100add912b631909405b364e62a12da81a64691e1fa847519fe494efbf541e58082239e224226e1aea4f84c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6c22ac4b8f708b35d965ec557a4c6b05

SHA1
126ea68f58055a4c1c19d514fa9896ae18865d46

SHA256
d5f028d009e586900f1e0ebc24eae666ba88b69ebb051b4ec1baf09bed62473c

SHA512
663d3b2c0a65eb7e8a72a563bb88726b0bb05938944d2d26f4d379d8331c10f07a790892ad7a5ee277b31bc334e03aa4f3cfd92f8efda5130fab2e5a37c54512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
3e919b6be509564db88bd69fe149b601

SHA1
4a3e9f48e0708363898d9ea090538eb075e15ce3

SHA256
96b5f0118179d130d1b96b23460ffd14ae62c5d930c5306d9194975ba2dceab7

SHA512
0c3c9e53e167e328d8f75f3dfeab464aa6efb07050600c46092b7aa0be984bf358bcfdc13598fbb386a3c0e0609416eec6f759fec129c24b205516976b999c05

Download Submit