196c4b6bd47c1777c28f5f4e6b588f089bec0503eb1d675cd8519965402b5503

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

897KB
MD5

9616f9acdd1623e5f1a5afed99703052
SHA1

4414a85578f80074fd4be3191f649d90d142ccfc
SHA256

196c4b6bd47c1777c28f5f4e6b588f089bec0503eb1d675cd8519965402b5503
SHA512

d2e248c320636a8f94e14a1adf4ae1c387f6dee82d5d61cbe61188ff9e00b7e1301eb6c1803763813ab4916d401b6cb33404894ac04ee9557e42a72fe058631f
SSDEEP

24576:/qDEvCTbMWu7rQYlBQcBiT6rprG8a4sK:/TvC/MTQYxsWR7a4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2328	taskkill.exe
3748	taskkill.exe
4804	taskkill.exe
1164	taskkill.exe
3372	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133724770326016567"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1468	file.exe
1468	file.exe
728	chrome.exe
728	chrome.exe
1468	file.exe
1468	file.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe
4016	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1468	file.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
728	chrome.exe
728	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2328	taskkill.exe
Token: SeDebugPrivilege	3748	taskkill.exe
Token: SeDebugPrivilege	4804	taskkill.exe
Token: SeDebugPrivilege	1164	taskkill.exe
Token: SeDebugPrivilege	3372	taskkill.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe
Token: SeCreatePagefilePrivilege	728	chrome.exe
Token: SeShutdownPrivilege	728	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
728	chrome.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe
1468	file.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 2328	1468	file.exe	83
PID 1468 wrote to memory of 2328	1468	file.exe	83
PID 1468 wrote to memory of 2328	1468	file.exe	83
PID 1468 wrote to memory of 3748	1468	file.exe	86
PID 1468 wrote to memory of 3748	1468	file.exe	86
PID 1468 wrote to memory of 3748	1468	file.exe	86
PID 1468 wrote to memory of 4804	1468	file.exe	88
PID 1468 wrote to memory of 4804	1468	file.exe	88
PID 1468 wrote to memory of 4804	1468	file.exe	88
PID 1468 wrote to memory of 1164	1468	file.exe	90
PID 1468 wrote to memory of 1164	1468	file.exe	90
PID 1468 wrote to memory of 1164	1468	file.exe	90
PID 1468 wrote to memory of 3372	1468	file.exe	92
PID 1468 wrote to memory of 3372	1468	file.exe	92
PID 1468 wrote to memory of 3372	1468	file.exe	92
PID 1468 wrote to memory of 728	1468	file.exe	94
PID 1468 wrote to memory of 728	1468	file.exe	94
PID 728 wrote to memory of 1932	728	chrome.exe	95
PID 728 wrote to memory of 1932	728	chrome.exe	95
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 4676	728	chrome.exe	96
PID 728 wrote to memory of 2384	728	chrome.exe	97
PID 728 wrote to memory of 2384	728	chrome.exe	97
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98
PID 728 wrote to memory of 2300	728	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2328
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3748
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4804
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1164
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99b10cc40,0x7ff99b10cc4c,0x7ff99b10cc58
    3⤵
    PID:1932
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1604,i,4005492196610877257,660638888303451682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1600 /prefetch:2
    3⤵
    PID:4676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,4005492196610877257,660638888303451682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
    3⤵
    PID:2384
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,4005492196610877257,660638888303451682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:8
    3⤵
    PID:2300
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,4005492196610877257,660638888303451682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
    3⤵
    PID:212
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,4005492196610877257,660638888303451682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:3328
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4628,i,4005492196610877257,660638888303451682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4636 /prefetch:8
    3⤵
    PID:3216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,4005492196610877257,660638888303451682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:8
    3⤵
    PID:4848
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4864,i,4005492196610877257,660638888303451682,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4016

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2196

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b6e59c6a8a4a39d21dfad88f9531e3cd

SHA1
308c284ffacd977eb511d1cdad74cfca1253cd67

SHA256
d3a641ee5a28758d34a157ba81673910399ce4022ce944e47b92d5c57d1659fb

SHA512
d489e7acabfe3e3c34060bc448a01ba03c6f906871234df8246493b6a483ebafb08a2cf1d25619c80d7b216bf7831c9e7a48d1aed8f8e1c03c63be62b0370676

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
2caa039f2166f3f84cca12485152dfbe

SHA1
62677fbb8a6d49d25a7452677b1a5b1a11dae687

SHA256
fdf76fe7f8e5276bc8d23ffe7b28f24c75ea30240e971dd15253de87cd71f37f

SHA512
17e2b305cecd334944baa43b073b81c91fb7f422235dcab00c08c217806e2baaad7b0380efa7e3b477f377469439ace4806dd78645a7596bf7211172617e1b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ec334bb5d9d5f3941b4000e75caba931

SHA1
c13ccd68c70a3451a9a10ddbaea5b7b307164ac8

SHA256
4704e4e8630789598da550ef0898e1a32541582cacbb5f61e601114d83e64f5b

SHA512
e2e009f2ec9e6c2466746d13078037f27a23556ba5a5116ba5467c8b3dd7d19fd06f119400644fbfd6cdc93d73180f8ae3d617c8f8702535bf8ac804c80a0a19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d852663d275959215eddc172776b3d69

SHA1
f074a5e2d256903247fe0cbc663077b976f85ebe

SHA256
6deb8062eea836a7485a9267fb695c1601399677c92c805b0572f01768875fea

SHA512
6268e836f58f76e2adffc30217e7b7e6e9e902fbbc41e6394d08907322a4aa2f61371e33659c0296d002f98135f88a39be6e0926aef64ac4a7db368cecf4eaa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
847B

MD5
11c8ee95ca0e3299ed00f91b600a5d82

SHA1
b2b248cb30c6b9cc11fbfc727801ae927bc184ee

SHA256
ea3a4d41770817a3c18f7786427dd11d6184fd565e42bafa03d5c6655e7ccf05

SHA512
ab4cf06573e62bbf2a28182ffebb91bcb6af6a7e0b264171e3318007ca5ba0c81ef785f2460233268b061b874792e50eda239ba6bc735c5dd4dde819521cf920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0caac39c7489f261d0cf225cafac1c7b

SHA1
36240aeac05c001b1b317f2fa457271aebef49b6

SHA256
eaa4ef0ac5d125cae712ecb2ba9a0b1a458a57574ebde30bb1d5fb2cae6dbbc8

SHA512
77a14d9a409fcc2f25477c5386da6ab95fd92b3049351410ffd9a7d8f0a8432c3253e51065aec6694e32881bba0fe4f2c5458ae4083202e77e588dfdc6b8c8ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c07b5de32c7e0a935f85c6e40c0db6e

SHA1
af24ab299addf821dd41ba41d84b9b165ce22df5

SHA256
61cd8a863dd9d9377ac6476c6f803fe46f6a63b06324d782e6842192fc5d0700

SHA512
c896a37829f796e1f2c29a51a01c87aca97748f8a31420eeb7c3a9a5b71c841b49aa45e5560cb2259e2934e6511e0a82528aadab43e61d6f6184a6868103635d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51c1bd6f76c456abdf38f08e183ac735

SHA1
bf6f78e2fc3de419062d51504605ee3720f3ef20

SHA256
cc1350f26fadffc2e4783b0f0f69d197a448f8e5689bc4a241fa2a69f0fea5f5

SHA512
fa2f34833c33f8fb137a488e00ff16e253fec4e30d26a98d166fa574b70bbf06c90709a6b0959c2efaaf4c92b3953f68fcf8e80b2d3bf6d35d5ccb0fa3bb614a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7be21f0929b90adbd35e70981e6d0841

SHA1
5ce204e64d6ef339ff8557d847ab79ff0ff9fc05

SHA256
537176a96ab23528fd8beb90cc74c2927a3f672ff2b0978987210e751218c7d5

SHA512
ab5ec814e773d71b1ed61541db01331b223d3fc4d7865550440406c626c88430df439fa3d04b8a25ac4c49038ad638ca844664e5d1d21e6cc5311d5ad02cc19b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2b81b7c8e20c3a12790b6bb0540a48d

SHA1
4d47a0980b7b63461cc34dcb8b25ef2ccfa03ac2

SHA256
61a091b4060ea8870bb0136708a343e2a4e57acd10858913138489eb02ce1d82

SHA512
ccf066975cdbf49005bcbb6fb5f4999d26b70bed09f712d98cd8ba4a9cc08643cac9099f641810ed79d537aa30604f21bf37a7df08eea909b8f17f39ccd1e3ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b4f6aa062ddc2bf5bde5578cf12b5efd

SHA1
d101894a5fab38c22d60604ba6654b09d65204dd

SHA256
0b5a55c000cb6b546796ae26eec956169ec3e18aa75547c3aa0421bbd97283f5

SHA512
b5f8e5d53f26a95deab2008055936a00a6aa3036ccde9b10ac28329c93d2861307b433b9967e0c4f25155f897ceb6c244d09446085fb9a36be6058665d094bc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
70f4e43c4aca32248cf8c51dca087ccb

SHA1
6e8841c1bce4837e8d7f529407c01d290d847e9c

SHA256
5539e17d3ecf71f1fa91d2e2ee8b2a5b27a77886ae355ec495eb1db0cb846836

SHA512
f5be6778b907333845c93a427fcf98bc51864fe74f12b739b77759c939474ed14e4edc9c6164ba3e1447841f581643b41b2344638dd6e5a7155afcf251b66ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
4b04c2241e9e00734e9b9754455f4797

SHA1
ec9a2e97c0ffa6f6fcd4fb3f7be9f10a1f1826cc

SHA256
5d8aadbce44e058735ff48e3b0f44dfe0330067d5bc6352ca7c1604ef9403924

SHA512
890a17d5e086692ec6b730c61704a21b389d5300a6564c02fd5bc45f9725dad4aba91b9dd6ed47acacbe859e75b568e0401dc2b3b9b3d375128f6f78018d4f9b

Download Submit