f6363f36b8649e9d8ed2e29698a4db11d412df38d35a95491242010c3d9814c0

Analysis

max time kernel
50s
max time network
52s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

discord_backup_codes (2).txt
Size

231B
MD5

9976296e23721d1f9b084541f3a658e3
SHA1

3c8f96995b562befff9121546c0dfc532dcb1322
SHA256

f6363f36b8649e9d8ed2e29698a4db11d412df38d35a95491242010c3d9814c0
SHA512

9ffb80a2575685bd28434fcf3f4eb558bbd559f5df3f02860cd70bfa215468003f39ddcc5bfaaba102395bc18d3d20358c69a2de1c60c7ef68bb19e75223d317

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
15	discord.com
22	discord.com
23	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723448219435802"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{30906D70-2843-400E-BEB8-267A3146EEE3}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: 33	1856	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1856	AUDIODG.EXE
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 1356	2724	cmd.exe	79
PID 2724 wrote to memory of 1356	2724	cmd.exe	79
PID 4916 wrote to memory of 1364	4916	chrome.exe	83
PID 4916 wrote to memory of 1364	4916	chrome.exe	83
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2408	4916	chrome.exe	84
PID 4916 wrote to memory of 2804	4916	chrome.exe	85
PID 4916 wrote to memory of 2804	4916	chrome.exe	85
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86
PID 4916 wrote to memory of 4336	4916	chrome.exe	86

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\discord_backup_codes (2).txt"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\discord_backup_codes (2).txt
  2⤵
  PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7fffba75cc40,0x7fffba75cc4c,0x7fffba75cc58
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1572,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1632 /prefetch:2
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4300,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4388 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4540,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4864,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5068,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,10907209561663503023,15353183651610455919,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
22334d7d6612fa971cc8d7e4d35fe654

SHA1
5ac2bdcf662662038ae019d453a313c87b3f88cd

SHA256
0abed77e59228627974878a21c8e8468e1fb12dbd4b571b16fa34871edbd9c99

SHA512
0577379d9253201d9faee9fad759b5fbe52acdb93f3a82fad2b728d317da46a0d00deafd626db68efbd63c789e0f34ed947b5ed0fb06e96f1c9b22c041212ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
99750bad0e3b01c594373245757bbbdd

SHA1
4159462e5b678ec61a9d58ca7aaf5ff065ffeab9

SHA256
13b953404fa7d76237ebb7989d863e72d29ac46f2aa16c622fafa363817ec886

SHA512
b4582d683b6fbfc5b32dfb55f10119b73fc22fac7595bd7af978a8000a992e25c680f9290006a27e078041bcc6f60004aa1b60c6d4b1f0049aab04a186dddf9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe4a03d647120daf454095a8ceb395f2

SHA1
16d7ae26faee224e0fb2d2624652a2591008055c

SHA256
8df5271626043cd9a0e0e91f4155b36d3dc0c1f05e229993e3a6a471ae32c09f

SHA512
130e0c8da54899aed919d170656f9d3d5ec1ffff805bc0580100d0e1f54ea0c9773301a434460b46e470a041ea839378ed0bdd7342ea692cecb6376a856d30a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c80358788bac4ce9691cf26e86519bfe

SHA1
607488ac590b0fb96c88926ee2e9d7389c5fe81e

SHA256
6629c88017eb36e08483c845cafb5996604f8f27d17f336b6e3935fbfe18b690

SHA512
b286f6475bdafc76c8660846bc4e5e360a21268385c4c774ff7c421662af6265eb62a65beb32023ff13c60c4234330ff76dc3a39e9e300ec4924d9d819603884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3af1b9b87ecf3af48b945578d10590c3

SHA1
4f59ca1fa2476cdca6e2ceb4c4047eedb799b8d7

SHA256
2d81d4358fac7009717194a4b55e03fadbc037a88ca8ff0036bc24cd0b862fed

SHA512
7b9862efee9c44f0abf1b0dc9cd66eec1f5bf36dad0ef6b2ba8f4d42ef657939c535851c51c4ca8094127f92eb702189c0250edfa2cb6ac016eee69767d0ec48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f516c85b0ae9d0257048b5757c17b48d

SHA1
215d798fa065fae652776b3a1c1e77e526e88520

SHA256
5df754529b019862eaaa2490db3bbcac70c0aaefa3c457119a48d97a7653e4cc

SHA512
25cc41dbafa9e0230f9fe58ff2b72fe49faf4e39e4138563d9ebf29a44d39a099914ebc3a67cbe974c68fe80dd092fc5c643f94f254ba6c16133eb42869e37b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07358b995ad4a779d306b04e688cd144

SHA1
233c095014eaa870760e2f37fe98222af2e79af6

SHA256
ec6afcdecefc69b6f046090ad752e3b22bc9d84c587a84a3a7cc0243c038e87c

SHA512
ea6e4c9745a83ae23d22a9ca5938c8bed66fd5d71e805c952a7abee9bd79d7d2cc9956dbfd2fdaf80dcfe44abde84f41272f17e0f41acf827433835fad71bbf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f30e62c0abcb274ca4b1d540f53085fe

SHA1
560e8d905a49a2141ee8fa639b9982018362a381

SHA256
d8e346abb7b02a13fe97d065016a520567694d2de8d3b3b17c4a5a18cb3f2aa1

SHA512
8efd54d45caa84cbb5927f0b26e9a08e32dcfb7ba41d33bd5a321e4b17e4195d92aa107be9bd0d8f43e7ce9d390ea52f671051febd0dcdda6c002701310ee746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
9557b8ee9f755f95819c54b382fa9c42

SHA1
44490f3e98690a3ef8aa3614ba85bf2524599988

SHA256
06adb65bbc7417f5c4f320287ae1d4d41a3139bb1e2028afd400c9d133250bd3

SHA512
9be3244d4d50848a1be85cef4404f8ea77af8ba2bcabc692b6127201d74c6dd8bd770771a93b1be990376430414ed82ae2cca2990ee165e479040980df9f78d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
561acb6b2be893e4a2e9515795da0d20

SHA1
ccb2539b3195291d17f893565ed814f80830b918

SHA256
5f7b4ad3a2ee4c5c49a096debba59e6916d6f7b77ce660badf021eaf5dc7d03d

SHA512
bda3ae6949fa31c7c9299fbb2f6b6acde5afe60f0f4ada2933c5a6aab3a1c8043636fdde945e300ea49dca9784b50c3c1d6eb94a94cfd9e34412226c08af6790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
376c9fc81faaed2c5a8ffba067b69370

SHA1
01d1eeca156df97219daa7a5cc159a27ddb17fd0

SHA256
b8925a08fcce98d4bd69d276f90359455032a92f469248e17d70e8b3af6f7612

SHA512
daaaa0f324bbd8200c02067f66b5413548a8ab3ead1f6db11af27da9c070f7b01c9433db79f7e4a4af8c2765d9ea5ab143061117372a20a2f55ae78494a9a338

Download Submit