hxxps://suc[.]directaffair[.]com/ga/click/2-41760611-13-165972-1220227-756899-7d20e800f6-2gf9f27a65

Analysis

max time kernel
90s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://suc.directaffair.com/ga/click/2-41760611-13-165972-1220227-756899-7d20e800f6-2gf9f27a65

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719498045658465"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 1464	5088	chrome.exe	82
PID 5088 wrote to memory of 1464	5088	chrome.exe	82
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 5112	5088	chrome.exe	83
PID 5088 wrote to memory of 2664	5088	chrome.exe	84
PID 5088 wrote to memory of 2664	5088	chrome.exe	84
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85
PID 5088 wrote to memory of 2696	5088	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://suc.directaffair.com/ga/click/2-41760611-13-165972-1220227-756899-7d20e800f6-2gf9f27a65
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff227dcc40,0x7fff227dcc4c,0x7fff227dcc58
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1736,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1664 /prefetch:3
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4400,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5012,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4916,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5160,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5196,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4936,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4600,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5308,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4964,i,16268870918782013290,10072107468507859586,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2800

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a41653527ae22a005bcafeebc281fd73

SHA1
e0a29a9e0c2a05aa2815cbe8405308be6a326b1f

SHA256
4bd72c4f503a92856b42035db005ee40b0902a88c63782f2aa984d29174e4293

SHA512
b9de23bf89305587e984469a70a7f69a7f98bf9f48ac91545736aa3f2bfc63020c5b6729cc619fd86ab92bb61cb687c97d24eb39a8ec945472ea651dd64af4df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2e03054fe850426bb3c2d68e007cb108

SHA1
2e3a91df7b73ed2a23eadd2ec65f6d85249ac1ae

SHA256
518e7e6d2073fdfd44572729e5e19cba10daacd220b62eb00c66d3f4f58ec774

SHA512
2680685818d09009084114508426846b4c78c8237a0c9aa0c62a02ec9661abedbfd90b5436a4bcd8d8c1709c66bc154694d554b712fd25963c6deeb04d2b701f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
b5fcccb2666dbb1e5aded91c666b272f

SHA1
42f0b830e83ba2f781129e272277429f06a9f8f2

SHA256
854d66d7628474a7375cc03f214df5fb33c2d242ada259d872346cff0ef5c954

SHA512
431e393faf884af8e4ef5c5973a4a63152b5464912a67de3a68a431873f8c4aa87a4a3707b64e66190b757a31c267ecec2d95fd6df23b6c2eeb2d9528078e1d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
279f95854696b98d0abb51ffb3a89087

SHA1
d25e02e69d889712da13b0adc162ed3e1c4cb5c6

SHA256
3eac7105719b8c568d95ad48843981174fec7931031bcaf7d2a01d8e0e2b288d

SHA512
8ddc65c35a81ebfef02bd77bccd321680cf59fb340a6f283e4ea1b2e79dab2304b18227069cdd2a8d50ffe023c0bebf2d0a642d14cb3c9ae335ee60d8fd2accf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6016d8154b83f8106b408b528153bc3e

SHA1
3a37acabdb11c0efb8cd16a0c9aeb01080402307

SHA256
b886ab44780a0c169f242a79d32b0a54f223f050ded724669ce828f4129d1d9c

SHA512
4e86f90eecea84c0942d7239011e7ecdadfab36df3a1d6d576335eaf4eba523cd63d3a2338356f7e76fc9b85643e7a876c8494bf6594564f3baffbbcc07103f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d9eae624d4224cc549c0d2050f46ce0

SHA1
9bc9f457bbd023e17c645e1c8adeb2a4254947f5

SHA256
d43ab8054ac7d336d0a91fa99b772d33fc4743cae5070efef4336f30b9f2e0d9

SHA512
53a5995729657e851c07d7b88b6f6fd30a75baa810b0e8d92d9612d6cdd580627aa7932f37838211732153aa5284c6c01a1068f5a16b442e758e8f642a29346d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d5c3eb79dc4d511a7b081319e4e01e97

SHA1
4da14860023e0fc3481825eb0632e1ff227b3ff8

SHA256
493aa86cd2d4e07af624ec65c5d6492ca8a7c089f6ab9595dd00c63f4d8b5834

SHA512
95084fdb2689be9f4f472e64d0819d524f478061313cc573b86522ec69bee8bd20351867d31420d41e729835b1b1d3667828404c7e6d5fe39d858b874fe964f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
eb9bd0343b6350e1515e769d31b8cf61

SHA1
6573177f06ad0c5416fec4e8ec77c482dc9a9bcc

SHA256
815bac722db95e60fc2731df82d99b4739835dfa50e455fd78fe5135a281c937

SHA512
7e56819e353e659ea377b0c8b9627af35cb2de4ab79c07ac77536f37d7caaf7ce57d435fe750155a2f33dfd58a402300b241d2b26d89470ffd5082a8198b94e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
47f1c3dcd9581c982d0fca8a0b54c41f

SHA1
f7e3fd3d70bb4f25ea0adc141fa78ddc1c0aa841

SHA256
e90f0552f3382d4b884f2edf8bf85869bb3bfc517fa0e85fcd16031eb909c44a

SHA512
03fb3a1754aef5325c8fb3ecb11292db43d996ed40cb8d66be7c3a3aa91333a4c1b19d880ad7a737474618dfb815e86b82050df9ad6a75badd814729d477abd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c8761b2cc1fa56720d581fc71ab5b45

SHA1
821e0d53c8861272caecd904dfab4559e1bc0635

SHA256
81bf4a822be01e16722c4fb739e18d22b22599591fe987757d6cb461f9227faf

SHA512
ef9f8b3552c8395b8626fdced176c0221d38fa44affea1b48df323c7255f34627de05e3a65c1a72286ec6ddd18725635ebcb84b6f1cb45b38e06599a190949f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e2d729bae14b9721c34a40e3e5586cc7

SHA1
d579889627644c4db100e2174b9619d3e90190a8

SHA256
a4e9c3ef9040373b5967c5514efa1fa4ee4857b9fa6b9f8f3ce45a196002d926

SHA512
4c15a1a9cc3ceefa2e3b9faf52f74f9bf33258bbf9e4ae80830f7a38693d410eec13441efb79258564cb9879bd3779ea89c54b386edb86bde5344c4f64b06cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6c30604db0f2194b7dc07b29402cfa74

SHA1
b08c4e002b0e3dae9d96c00364931cd00f42d9ca

SHA256
066a28bfc9745dfa613d9df0d72655e1329b3698f2820bf05c1bc88d1dbecadf

SHA512
ed1446755e0a59a4d93b3ba1d66ed618a528fb1a2a7b19d98b8cdc3bf875c69e093fba87f0525aa911b2156c33c84f970afd1b528f7f233d00f6e4fcfab2f448

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ebf121dcc23e518a953730ad8b835aa2

SHA1
8f72d2a97ce2548e6738cf0ab83bb09d0236fa94

SHA256
c62b781251f6c5ae06dc456b9752ca32f113bfad89a496feacb52b2a6cc29239

SHA512
d3b9c5de997eac2d448a2cd75b6ab1f08e0fe9939754a0113996ff4fa4c141db0c1af909b974a774efc08d8055d2bd9959edfb2bcdbffa274b292bd18f97fa32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
4e70370ccd3ef54c3975f1aa29532a36

SHA1
40ff966d7bb78a8c14e8b20c256f7b6b75caf8c2

SHA256
5d44fe90343ec808334d7567eaec2051a9f71a7f0286581e181c698984e4c708

SHA512
f95a5b761e9b625333f564f551162bd7bdfedff86efc225631d86ef44afa056ab5f8ba38ec8302718f00d7488456774cd2bff6fd3ff0b8471f0025555d64b0a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
1a5bba6aff495f60b57fcbe61b5c02be

SHA1
4988a4d2d08f5c8cddc9a960f6ad7d4c9ab299db

SHA256
c9d0780070e4c0151d8b0ad872a2b310fc82d51ebdf229f1b0665708b4a7ba57

SHA512
c6e963ae3bc185079f82bf591bc375b54c298cadb10a16f9127efe3e37ac35762293f3981f05513b03b267bfd31d24f575ac13fd5dc9cf15f7e5ce59aa30229a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6465823e2c2a055215b4f2d23915703d

SHA1
d6df037174f0885b25ebc343082888b4f769d39b

SHA256
914f86549f45dfa6b6ae2c19a7f6f3823c96fe556fc13fd19bc75f49e96f0475

SHA512
739465ff9556f719c0e98df206df50dd707511e293acbee6b9d1771c2a3db0d31d20a127403600eff11aa64450af5200fe568f20d7775a6bfe9bfd9dfb5dd3bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
485a3f9d519cfcd152d65a89394f70c2

SHA1
c2f0a20add726133a8a62091c09e2915008164f2

SHA256
ba5175c3b9d352260e0daf53c4886c365b781e65cddb17eeea378b6c39d3c6fe

SHA512
181d2362491330ba37db6a0bf9005c2c029eee04ac8595931d949193be2216fe888a41465e49ac8318a489ce66e073728a65dc279e7f3edad86bd0b05447a6f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0b51130109ae9aa2306f784986bef513

SHA1
37b47fa765286669fed2fffaf4358766bb1e8f05

SHA256
afc40472cc1893385c1727d9e37ab760a4300160b25713bf462294d64c8fd1d5

SHA512
2d91a9ccff513951269895b9e13088b7071508f2a5ecfd58f795d306dba91612c564bb6a570411208e0c484abd2dd98c4508127c85fd60e59fbdc4faf5c31048

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit