hxxps://drive[.]google[.]com/file/d/1xlO9IlKuvrG7lAMCMtJuYtGtUbyqVY1T/view?ts=66dc6528

Analysis

max time kernel
117s
max time network
119s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13-09-2024 12:56

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1xlO9IlKuvrG7lAMCMtJuYtGtUbyqVY1T/view?ts=66dc6528

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
5	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707058241302573"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{87DFC52C-70A3-4207-BA55-DBBB3F8C547F}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
468	chrome.exe
468	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2288	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 2180	468	chrome.exe	78
PID 468 wrote to memory of 2180	468	chrome.exe	78
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 1508	468	chrome.exe	79
PID 468 wrote to memory of 4476	468	chrome.exe	80
PID 468 wrote to memory of 4476	468	chrome.exe	80
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81
PID 468 wrote to memory of 2040	468	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1xlO9IlKuvrG7lAMCMtJuYtGtUbyqVY1T/view?ts=66dc6528
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe565acc40,0x7ffe565acc4c,0x7ffe565acc58
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4560,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4552,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4932,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4732,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3084,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5412,i,14193541551351424782,11722855657844486072,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4776

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4504

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a19055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d68289f4cabbaebe817c73d683e0d8ee

SHA1
28f58be2cb2c989bc2ab039c477e3cf40719534d

SHA256
01c4f45d19e382c96b58a6d2f2493bf0032a1b7f80da9761e02ed4e9f255191f

SHA512
8a91761b7a793b280549a5952f87a21b92b10808923b37bd29b919779e455fb56475432bb846a0984811061908669a643f96e2b32a879f03393d8ba16d1ca19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
28KB

MD5
4dd36552638146f0db4bbb586d77bbc8

SHA1
40eedaffe7ae31d329d039266ac9d0e684abf7c2

SHA256
f6834510e1a68c8ff59e74df570dff297539a877ae77f26438a729d7b4a3b140

SHA512
2f2fcff9cf628a64b0d92944fec0665d2ab361fdc670ec62cd69d4bcd48f39d93fbce17f60cbdcbc51752b536f6eedad2913eaed2f193c80bf5723284d366c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
4de5654588a31bd4a1f439fb617e544f

SHA1
1f463fa4f89442662582f2149c9d9a1e01b6c34b

SHA256
dc6819f3ea1b7390838ae2285f1b1f5e41be2709a96840b8245b6ba927393655

SHA512
1d5cdcfa81203812be83dd1b3cb280f7b2a8d507d1bd9ac9323e7f9a74be02fc9583fa3439e6adc0f67034ba9b918b2a80e7899128dd58f4a7e12491ae0ed15b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
b2341b8d5cf27c5e98af3c5f66263059

SHA1
d3b5d865c8f08c79164fd65f9a3632d8e8b04c14

SHA256
c4ed912bbc4606908fce9b4c9d495aaea000ad9fc05bcfdd3540946551097482

SHA512
f69bfa3a6ba4a80821f208e5bdd5e5e4860089eb6ff2224975aedb41b8864225e753ff6ae4648da350aa146548c4657ea318258a05defaa51efb0b9160f0a05e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
56dfa3ca978b4246315ec679da99b35d

SHA1
4bb600cc0569f1d53b42e0969b0aa6dd943ae6c0

SHA256
1ad0d85dcae0fc31ed31abe42b0bcfb0a6e6ff323c2eaca0d016db4bb707dbe5

SHA512
73db05471409bd244d5656c946767b7dbf89642dcdadce5ed32d4d616d4958c4c3a25a16a6d8a02fb5ea4a7fee85e8f5d7b8be3d31201304d1bb714037bf6dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a74a28fa882de5bf344fd59978552307

SHA1
25a94fcce0bc6ebc51dcbdf2f0005ec2c86c48c5

SHA256
9ce941d83461070a02a6b3fc236fb547feb1f76137dd28b312bf7d39b14050c0

SHA512
1b94d8721bfac5f54b2b93f594e26eb1d3f8f1b6b2f20773cd0c6482cf9ffdcf5438e3a56d20c24e27302458e12e2bdd366b9376e0218879108245aace5b183a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
be5b5b44b292a838dce519d3f38ac090

SHA1
930bd415aeb8ed802a706e157250af6235a1acd5

SHA256
10566b264d061e7be05a37161130ccbc483f47e6a57e4a900b1f9dd87ce04d6e

SHA512
3b8713de0608ab284d340b2fb4692f1640ae0a5e7260d7ea3d1cd16f01138e2324b6d1827392ac3a428582d19c8167dba0a20f8ece7064b6fb6ba3fa56d747a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2e1e049665289d95b8d5a1ff995aa57e

SHA1
24673f2ff87943d2ae4a0be7ca0ee2361ca8b14d

SHA256
303860099a9848ac0d1112a7125cfb1ea25477cab91bed041c34b70bfb2408fe

SHA512
8c36645ce97d66a5fd8fb6e12fef7f5b7f3905e642a29a36c5f571f50075b9335228924f93d1c07ea11bf6227007cd9dada0d800b496d381171f81630956e2df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
975c1c59e93a1c045b612cf1a132006b

SHA1
03cef490eeaa76db082ed29eb8e5da10414969e2

SHA256
5597ffa9cdbe20120ef336032cf737e11b82bb65f318f9e5aaed514903bf2fc3

SHA512
d75d2405dabc260dfb47c000b53f05c8629aeb3ced2e471d412cb5c35c525ee0cd2daba79c90364730612d9a47a8a7f283e02296ab3c7a46e3a5175bc0881db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
81a892078ac7b498f2afbccec2e39f46

SHA1
7e254500c66870f90f580a832e9eb568f745ab64

SHA256
59ba48dad94d8f4c43326cbeba1e44700ac04fd5cbaf4bac7439f36a69ddfaf5

SHA512
c6fcbf3677bdc63d210bd4473cd9ffd5cb2b5717a4c433603f26ed13b427a130875fa9c5ebf4a9a8552052d4de08fc4b2468fdbcef4ba92c0f0aca14e6d85b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b2d71257eec3d9597d4d49e0f9454d53

SHA1
0b6b4e77932bc9e2b751ee513235e441a494b2f9

SHA256
bfb2df16615166b0d14f54025323c06f8163ed10f42c184f15a8b47fe2ff3ca1

SHA512
15a2e4e7f9b7ada6df3454cccdd948421496c0fc6d4b1112a876473456c9a8c36f169e9a92e3a8038d946dbc19a58d4f2d07a477a758e0b7738ab634a3ab7eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
195aa331d95ad5d2edae3774cd4a1da4

SHA1
76f3b701834d58ef970e1a135990c683472e036f

SHA256
489a34c2ab975f8f2049714cb1e986917f669e4ce03abca3b9cd76f9d8ebaf11

SHA512
27d0a4f919c1aa40d9e8b7e75630202a5c6f9fa058102d9f8f6c9ac1a7cc0f89a945e2b725053032e0a4ed72b55e3160c555949c31528221faf0b902af023bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b1ddf150384d23c44a5f40d8670e1ebe

SHA1
b00fa0de759410efd7416521846f9b2819d95ff5

SHA256
01f93eab2081064cda7b1b69289337a2c5b43f9a9c050f9e712befe1817956cf

SHA512
32eb8a7318f4d123bbf2d0d67cf2375337c9b3ba75cc4a8fe011da849ba06dd15687fafb5a785daac4c3a9b78ecd60ab7b627a1c915f1546612fc3580292c9fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b652712b428476630bd8316d70a80b20

SHA1
b7d68241f910d7793597280b3b8fc0c6ae48b9fd

SHA256
bfb28e68fc37c1ace6564455c63d1f96b3c40af6d603605a7090f2881551ea3f

SHA512
e0e4dbad8f3ec32fb9ea47cac628918057c2ad0ba82bf2d2b4bb86ab03df1e163e607feb5f794a61fcf539caf40cec34cff7480146b8d27fa3db265eab816665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32dd04a05253bc9b9a8b69cd03ea63df

SHA1
838708a2a5cf354a35bc2b0c12c41a345f7e86e5

SHA256
bd8d86d0c68e4328b3c3bf0b48787e09d06913bcb31ef53379d9f469d2877015

SHA512
60c2e884b0577954c8fecafb8ed17561725140205522958a450b843f76a92359cf3d0033bc1c2f07efa253afee416c6658097b3ca32390e0d177ae1723c63f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b353f5806fc37f13ffc72f7d7509f1ba

SHA1
5e59213a7ec6c75c875892b604f11afef01870ad

SHA256
1c872bdf9774572fbb144bbabf63e3262acc31f5a0a05b802839816670d7d4fd

SHA512
644281e9093784b6d1247aa3fc918f061464a73dc146f3a0800db36fcb25d9c51d1f90ce7091c6f5a1ec35cd2cab17789b74c629dbd103040bd13e9733ad3636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fda974ca05221fb0b038dc23876029ee

SHA1
88a677efbd61da910933e776b81ba920c3629ac4

SHA256
3a71caf9c72f1503347d68937583df19d6b51bdc6c76d36c50612c4e91b1175b

SHA512
decb05f1c4cf46a9ec2fb2554901e663bf19ef4ccae138b1988f91d96403cc24e36d77e3fdb4a2a6d59a19809461102bb24a0d47f4e50d67e5838ec328620404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98284e14edfcd689c9d52d905ae75e0a

SHA1
6942292a2ca9fede329fb18f9aa606b950da2645

SHA256
6c5a814a37704368a69466d7291ba7031bbafa44e2cf8beae9a03970ae7ba4d0

SHA512
754c9b010bef19908468b7796f206f708b18f00c012fbf06e951587440df537a53f373d0bda5fbef52aab0bec485387d5dfb1800852cbdcfc472c6b1a3434e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
51da2ff0014e4e755d52e23ca7dfb1f6

SHA1
98a3e01f94cd28c75353876017a23eb8562704b2

SHA256
ba0cd69776323e6af728c4dee5646e5f142188b58401336567a9334fd724aa61

SHA512
50a0d0f4fd258b2edaa3395a9d5e8003ad59f075d65db564bfcdc5fab36eec6a180f7c1cfda121935e512551c673f5fab59e737943f3bd38ffaf361da73bd992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
4e067f0e4f46f546c96c94516ac8ada6

SHA1
a87ae39ed1a77e224381c3473f884db2e7f56e71

SHA256
6c726da36395a4ce8cecc561d3b9a4dcfb9c593e52850ae38f958767d0f9fa72

SHA512
89ccec69b5a3ac5a303006c0d321eb731884fc5146d5378c9f68705bfef8c2569c21529a1ef7580211850cd5b6466688b41cf48ffed8b58d95e66767b2cf4325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
be510d7f95276cfdd95c2f6def72fe22

SHA1
a89ea44fdbcf65f6b97527882739dce3d8b1ddad

SHA256
5b82d4c5b8f5c5912cc1768628379afa1b430f324b8df797c16cbec0d1653fd8

SHA512
057afaccdc46386f04a1293ca9304519827896de595ad18303d976d12b53843171d320d47c2eccde0d368895cd6c145fa58b0cf04f7f851719ea95533d2d326c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
6b4e66921e6b115d399df7054213e6a4

SHA1
6efa7a12fcca28461c65ff416a7a7713941fe466

SHA256
c399ddd05bf242c5314a31f8a80d402cb9bdeed19724b15851fced55974229cb

SHA512
b7560fb016ea9de89d975d68b237896fbb12b33c32176132cea8c6f537702dc2eaa34defb1801568a8c46474c0402f1e163cad94f201b6bed2733324da205215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
87892d30d6d6b6f91b434b3c30e60a01

SHA1
eeccbeea9fd4e9b64d60c8a5b9680d8a3689d81f

SHA256
e38db4c2a87b112d9666b42f4e58ed3217ddb648677e5228b1cd59e142d78b8f

SHA512
34872b700e7437931b61753dbd0deed63874fa40e7fbc9c25c26b65d55a48827f242bc94033e9de0cd5661be62c4dc3e787298f3de39be16a8d3380afd27ae8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
5d7c6d0c77f0a2edb567d96d78f4780d

SHA1
cb720593d0d47aa956be2f9bdf612aff90563c88

SHA256
255d9e4d95d14244d00c4fd25bc3a679a300357478adf8aabbc58399dc39115a

SHA512
625ba52807be379e9a6c929318b93ec849d9d0027a439278e7774ad122ec6cf9d7505cd3f752abee6355745c4ff11cfecd6df454ee95b5ed99009a9d2138798b

Download Submit