hxxps://drive[.]google[.]com/drive/folders/1z8ol5sOxJrFDSY-IuIujpYEzh8WTDm6g?usp=sharing

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22-09-2024 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1z8ol5sOxJrFDSY-IuIujpYEzh8WTDm6g?usp=sharing

Score

6^/10

defense_evasion discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
5	drive.google.com
6	drive.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\exe.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133714766992315687"	chrome.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Moon.py:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\exe.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe
4260	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe
Token: SeShutdownPrivilege	3908	chrome.exe
Token: SeCreatePagefilePrivilege	3908	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe
3908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 2484	3908	chrome.exe	78
PID 3908 wrote to memory of 2484	3908	chrome.exe	78
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2764	3908	chrome.exe	79
PID 3908 wrote to memory of 2768	3908	chrome.exe	80
PID 3908 wrote to memory of 2768	3908	chrome.exe	80
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81
PID 3908 wrote to memory of 960	3908	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1z8ol5sOxJrFDSY-IuIujpYEzh8WTDm6g?usp=sharing
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff877cc40,0x7ffff877cc4c,0x7ffff877cc58
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2012,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4520,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4528,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4972,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4840,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5160,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5092,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5308,i,15640579535111738058,15151349878603063081,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1776

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0c7cf3932b3bd7048314adeb42d2457f

SHA1
d7f7a2e13c87b4c3f25ad7e79a66ab8f56ae5657

SHA256
4480aa23cbf6c98f47ae71ab874479bf1ed9f4ade0a45bbfe22bbcbca31de4d7

SHA512
b2203ce566d024f6705c9e5ce7a3e3f02bd14c9f3c2e9fd01bff4ce6e7b6d3e1cbad754980ea8f548e71a2f822d744b8c20a8a1efba262a2a9f5ed66f5f2955f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5a76471e2c6f40fbe6d277400c0594c7

SHA1
b0d3a6362feca4419498ec87b122ad4d597f3a20

SHA256
0bfeb940b262c3bec190c769d266986b2efb50977664aab3dfd340f8f9463ce2

SHA512
eceafd6b9aee2821cd3551b0c4665c8cfd5cd2d9f494633b2454f7bcc645f182b80203fa536e89e54cc097f6ad80e995da984e06152189c4a126d0971d55cef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1aaa9780b9323207b66797f61dee6cd3

SHA1
24f146548d9895e6c88a0bbe04647ff6c042991b

SHA256
699f7965639dd2a873840721cbc1c05abf6a0bcd36e0eb7773b8175cca80a12b

SHA512
a0da4c3a1f416b4c65f314e5a339dc82b21adc92389a191379dd8ff62f5b6d49d00fdef49395b031c42f2fad744027560928bd3e29ae1829380f255aa015395a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3048ff0811386846df934df37a50ea6c

SHA1
7765d4c12c5d6c54d2fa941ca2feedf760467eb5

SHA256
a592b1108fb4984c42c1fb06c9cf5fb0b03856e3859720d3196969ae09c7e092

SHA512
93a247a24f9bcf45e5e297c388072a891b0d65ee490d8dea8ec8d356d89a8f45e5bd3542a3562c3a1435cc244db773af45c9966d271b50d6f5bbc7856f68896f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c1265188c6b9d62b85bb41f036d98f77

SHA1
30121a79b9a9192f59c9e8c8edd4999a25cef3df

SHA256
f4b07276207cdd130221c174124cbc61f3290ee9ed57b9a71f408b8ea9bdb744

SHA512
985d51c82d05f555ca4383f0ee0c3f806915bffe6c61c5d199eac8ea935d66f9627647527b184cdf5d6d6dae505947c69e919013de2ec22d9b43eb6063a69063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e5c21b9d9b6ef64c4cb94b6999196f61

SHA1
bc07704659add4b9b933717a20318ac0d4438896

SHA256
f1e3beca99e37049450c09b5206892de2cf10bbda4261fa1c49f70680d7f190c

SHA512
f939082df0d84bf8afbb399084819a7373f816c8380780e82dad559f3974999086e841606e80b89d1bbbd8e778b6d827906b7fba06a3f91b3b1551cdc8f2c782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb4fb5bb31a762c694817aa953fe36e3

SHA1
764752df1e2c69e0a2884f8b02fb0deaeddf2adb

SHA256
4176935da1f45049f7fd7a44eee36c0ab11d505f349210bc795ce0e6596c5b44

SHA512
63d6ce795beb6d59497119c448580f52e544e1f476bfb0a2306a1b2fac7524e33494e098ee7003c1c573abc167bac8e75b9cb3d3311db6bc801fae754448d60e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f7c0488b861f179a452569104be9451

SHA1
b05ea84dd8ec26ed11bbff65602161661cb3c700

SHA256
3bf39749657b146369b56834845a2a25ef5e555e87357518e0309e6927813414

SHA512
74e7c68ba2e9e32c5ae33cdabebee56f55106be23886f8e2a0e17f4b8d7dbc7a37736d6cbc8c2dc8460e7ba5020a6b5c855f36af4166eb8cd7a42da7572d919f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4408b34abbc01371047ea8599fb3bea

SHA1
9dd649d12750042db49e6a56d042f3802d27f9a6

SHA256
d9c4f86747e36b1275e6258ca6c89809ec9affa4b37545cb28915a266c83e7f2

SHA512
1d29a7a877ac364174385cd87b89d975f286499e8360eef005578ea3338932a2d5f8fe66284a5aea94a42a41b5949c6adbb283fb575460fa2ebfb4a869a6de0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b45c7d39cd847da89c9cd956160156ce

SHA1
df867b62e7b0d70970bb40c19aa7b63b26c71af7

SHA256
8cdc3184b2940b44b3b675075a36b64982f0c88181a80c8c8c19c0a8ed001fec

SHA512
71e5df88d29065843933dc25527ecf48b65b4575c3c0e2edb6134af6a56f9cab6b63cb16568fdd8aca4260a5e6f48b80aacc91df7b0f4dddbefeae60f4e51fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a5d81a31f30ce079171c12c8e9db4a99

SHA1
e1d38a9d9d7ddb3a69244c6ea15d6935ee40c7e7

SHA256
8431447a93b42542ed674101779c672496b2bdfddce8507f9f5406349629b401

SHA512
fe07ebf69fdf8b606163f4222f94931d0dfc19eebfbfff97e83c15bd7fc440e4002e17b10cf966214a7ccabd218d63a168321d99b917afd626182bda524e8422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4beee720724e1b72325490f1e3fcd329

SHA1
1842981bf3d7cb4c6c7d0aa85d3d4bd7a437edb7

SHA256
3f1973c3d93813dde3a09867b834fda0e55161688dbabfccefacb49bb8d3d357

SHA512
7fa821946f5352e52213d47d5f3ead10eb9839a1891d75a09b980fae10cb11a9ca5724745da96f85c8821e726b3f1793a14fd7e3b3ef7628d75eeffa16a13ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9cd7108c6be326829e8e91b6b6358b09

SHA1
12336cc4c8df5845919ec1302b7f11b42c9f9515

SHA256
f1099929777659707285dd80246fb59326a069ef155d944ed1275486a9e43b1c

SHA512
2ec7f6ca68e325ef9329f2846ddf5e3e6f7f2c7cf8ae44d9cdd2f292afc1fa819e5811d9f24e09cc736745d425c1492f0501b41290768136a681c08adc643caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab80eff351cb4d70ff71ede64e4a54d6

SHA1
be4235ab5b24dccbc80c2688ac38092428d7a3e1

SHA256
9d35e2e3f02a7ebb07346203d927f5bd305fa3c56335eab3d8e14f7b55fe4359

SHA512
1413697b4c016bde96af28078c99a84be2f924bc9ef347751848168102457a058162961036f7936ac1e3e58b78759eacd2af385e9e4ce8b58d2ecd6f45962c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2b3f2293791b41094252033718f6993

SHA1
f18c8093297573e5268855e8c31153e35cd8cd14

SHA256
12ce77fb964502ce5571939a0dd9f13811372acd09a86bd24ff3a3f7af773f0d

SHA512
16aa818a3b91fa6a645c6588687e4fa02ce227df426da0a346126d3ead72955862ef90710ef0735d96c132a42b2efb5b915d4ee0cfacc5332e3ecca7e77cdb9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b54ac862c1de0f1a0c5a7729fcbbd65

SHA1
98655b6171eb47aac30f49a8a1456fe4a8da9840

SHA256
bac31487d55f5948d9a8de915389ed2b3088370fdc26525e935e381f66a3f3c4

SHA512
4d960a1790c11acd339b92e9caab72d1c10d5b75d99d128e841bc80edb3b7966bc2b81a44c5c6703e64e8f5ef250eef16b65b7beede13a89485d83676d1af98c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5c735bb732c2522c4906fc58bdd80e3d

SHA1
aa1eb02ada760b80e9b205dda5b7e483115e990a

SHA256
4e782bfe84f44ac141b6757d48ff0d391990571bba1f91653b20c57d91f70e39

SHA512
54f8b8126bb23d8307cf41f0fd2c53a0116e16845f7a3784558aa82e9c46cc10a8c1e734ae2ff19def5c7028a6324ff87ec5ca88a70941f3a547dd1f01f85a63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b9cd0e47f0247309eb296e006b464654

SHA1
46e2e53dc2626f863bbae8a87847abe90b280d83

SHA256
923dc8208ab7f39cfd6b3c3e5f252f983448da838092fb597b6c93847bd04de1

SHA512
2664584fd4c0c34f480189e478d8d37ca169aa65fe98379fd431755acff63129b05c317940014309e6a73625aca4dd7e58666dfb2376a4444ccfa68c4bd94153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\16.png

Filesize
566B

MD5
b3b099003f605d552145790cf1b71e00

SHA1
6dc54b1268536935e9ac96a27c34c03aa1a1eccb

SHA256
1d1113f78a60a4702db32f106598883cb864cd273a708ee292dd6003e3cc8d4b

SHA512
d078de028160ea917c24ccbda0b74a8374a2153c7bd1f5a108710b102d64f0ffdc57caefe2979153a8d42d2e8d7a85089680bfae9f4facaaf048d8d93494d5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3908_454897257\Icons\128.png

Filesize
7KB

MD5
8eec20e27dd654525e8f611ffcab2802

SHA1
557ba23b84213121f7746d013b91fe6c1fc0d52a

SHA256
dc4598a0e6de95fae32161fd8d4794d8ee3233ab31ba5818dfbe57f4f2253103

SHA512
b19d628a7d92a6ec026e972f690bf60f45cbab18fc3e6ab54a379d8f338da95e2964ecdc5e2bb76713f5d3ab2ced96766921e3b517036e832148d1fe5fe8aa6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e9b9f2da37715ee6edc4ddbfabf23561

SHA1
d3c35e6aa824dcbd9ac4d363b64b67bba2ce9860

SHA256
ca16dcc92720480e0259d17394044514c9572235e0e7118c04ee833cd97fb38c

SHA512
995daf8f193597dfafcaa44fde06e91df27fc0c8239bd7a67060271a377b9748043fec4ece64d482506a4a89609d3d95df07c5e6d787baaf7d38505681c50deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f54c29e67c8f54970ba170b636153d19

SHA1
707b484c8d8c80b38632652a5c856fb87a64db70

SHA256
fd26695357b9338f79cc4acc0aa4636a13f4dfb146a0b6c8588d14224f76cc39

SHA512
32b7dcbafd055880aa98f3c66c0f0dc6e381904772696cc6f0123371992d3ab2ce30b4eb4345bb3fe94f38607c40932bd1e42ee80dd6988f9128fca76509ac36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
cbd6c2ec941b4e96d5640d870f8d4f9e

SHA1
3f5946b865d75c35e35f32c637356207de865420

SHA256
9e46dd6b58e98f3b950133761d834137bf23a1c83a2f606a42ddf0c3b4251985

SHA512
9972f2aa09a98ae37f7df8947a6fd7052d1221adc9bf2202fac73757f966afb76ceda3ef0b23d31ca405d665965e9899b01b00a186cc15b85d21a5790e74c60f

Download Submit