bf0cf6cb2d3028673bfdc02d6969cb0b0561a36899dc9fc8d50596c3b3ca9a7e

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 15:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

897KB
MD5

04ca275b1270833d4fa6198f72714209
SHA1

b7a7398967b246a3a6d14060a3e1c554108a8de0
SHA256

bf0cf6cb2d3028673bfdc02d6969cb0b0561a36899dc9fc8d50596c3b3ca9a7e
SHA512

ffc8fa7689918ec44ebd1cd619e8909795cf7f353aed92bbdd60b65a2573941832ff7c59e76d2f1873e8ae8cf00ca68e02df703a200410f8f1145dd22e8e2da9
SSDEEP

24576:pqDEvCTbMWu7rQYlBQcBiT6rprG8a4+K:pTvC/MTQYxsWR7a4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2152	taskkill.exe
4808	taskkill.exe
3888	taskkill.exe
2436	taskkill.exe
1912	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133726168346555996"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1772	file.exe
1772	file.exe
960	chrome.exe
960	chrome.exe
1772	file.exe
1772	file.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1772	file.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
960	chrome.exe
960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2152	taskkill.exe
Token: SeDebugPrivilege	4808	taskkill.exe
Token: SeDebugPrivilege	3888	taskkill.exe
Token: SeDebugPrivilege	2436	taskkill.exe
Token: SeDebugPrivilege	1912	taskkill.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe
1772	file.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2152	1772	file.exe	89
PID 1772 wrote to memory of 2152	1772	file.exe	89
PID 1772 wrote to memory of 2152	1772	file.exe	89
PID 1772 wrote to memory of 4808	1772	file.exe	92
PID 1772 wrote to memory of 4808	1772	file.exe	92
PID 1772 wrote to memory of 4808	1772	file.exe	92
PID 1772 wrote to memory of 3888	1772	file.exe	94
PID 1772 wrote to memory of 3888	1772	file.exe	94
PID 1772 wrote to memory of 3888	1772	file.exe	94
PID 1772 wrote to memory of 2436	1772	file.exe	96
PID 1772 wrote to memory of 2436	1772	file.exe	96
PID 1772 wrote to memory of 2436	1772	file.exe	96
PID 1772 wrote to memory of 1912	1772	file.exe	98
PID 1772 wrote to memory of 1912	1772	file.exe	98
PID 1772 wrote to memory of 1912	1772	file.exe	98
PID 1772 wrote to memory of 960	1772	file.exe	100
PID 1772 wrote to memory of 960	1772	file.exe	100
PID 960 wrote to memory of 1796	960	chrome.exe	101
PID 960 wrote to memory of 1796	960	chrome.exe	101
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 2428	960	chrome.exe	102
PID 960 wrote to memory of 740	960	chrome.exe	103
PID 960 wrote to memory of 740	960	chrome.exe	103
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104
PID 960 wrote to memory of 2096	960	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2152
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4808
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3888
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2436
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:960
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff96630cc40,0x7ff96630cc4c,0x7ff96630cc58
    3⤵
    PID:1796
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,1167789828159945027,9469971206061699817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
    3⤵
    PID:2428
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2016,i,1167789828159945027,9469971206061699817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2064 /prefetch:3
    3⤵
    PID:740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,1167789828159945027,9469971206061699817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2484 /prefetch:8
    3⤵
    PID:2096
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,1167789828159945027,9469971206061699817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
    3⤵
    PID:5096
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,1167789828159945027,9469971206061699817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:2816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,1167789828159945027,9469971206061699817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4636 /prefetch:8
    3⤵
    PID:1036
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,1167789828159945027,9469971206061699817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4776 /prefetch:8
    3⤵
    PID:4580
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4824,i,1167789828159945027,9469971206061699817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1328

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c1731e3477c83bc3c178aa365b2bfdcf

SHA1
6e43ce8addf63654dcc8375e587cd47e36b99e3d

SHA256
464fa6d6ab24352534bde01fd36796683c5375e399da436dd242fcfffadea9bd

SHA512
5d290b99db1f10a8a55f9ef3841b16c2708c9db696eb970dad8818f5e135a992330566060db20dea4bd005ddc3ef3ac3037e0cb7167340a34f91d527f24effc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
a76ca025f1c2aa67c99a235328934d95

SHA1
d650de6607e7a2c212e6aacae94207ba15b51d1e

SHA256
5539dd1ca9081c1d01622c40bfc1f5fbea18c13094e1609e804b285d66c8399e

SHA512
045181e499409b118d98189101f01c7d2d0edab7e879c8762a9c9207a5a503a07f853b2cc1a9f0cfe79af2869823352340bd5010ea1a74d44a687212ac20fac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d5f7df054ef7899da745ebfea1781676

SHA1
84ea1720629b3caaaf564bb7dbd1aa0d59ec290c

SHA256
23a000069b4dea74d9c20b7160fad4ad1d22bfc643226638988b2ca9edc5d464

SHA512
b13e23a67bcd890318608ec1c415afc4ed03303633f9bdb9122edc618da3224444498fdb19664b64c4535634563a936df73e471ab126713ba64ec6ccceeac9c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
383af547205c0b73460789dfcfa211c0

SHA1
b75bcad42eaa80e4755173d75291133fb676c108

SHA256
df6f69d461758c9ede768715dd7d5f45386f88f7c0e627d0fcda76721ea8182d

SHA512
4fc448f9095e64b5d2ab4ee26ce4ac04956ba5489789553e48c96b624b03c983e56772ef498f06f1e4543af4c4050e889e3854f8ebf4f0ef6eab28be9f9b8c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
b7d11d23ec40020faa0ce1fc28225d53

SHA1
99afa8369d0400482cdcf1b82cc569edddda66d4

SHA256
c2c8069f8415af12809930e0b1c30a17e67b1692828dd0baa3f7108b314944ed

SHA512
092b10348587ef3bcf558095fa1f6b10b7c6345d7ee90632bcd30079fbe72bcd51eb67a4125a59d729b927533d89aa24161d0dcc07625856ebefa6e4a4984958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f5277fa3875710aebfe666d55c357418

SHA1
7eb5b21642908090a4255c5244aa29fea7aa072b

SHA256
0d0efa6fc6122c10b350d8caf6a0fd04b2508f1e6ef00192116eefa8f7d4b664

SHA512
267d4efb70ce85ecfa956f57212a21350b72ac27be2d49e9fdf7efb937a01d5a4e7cd5583e74b8011061ed94f87fd61d4f0554e83ad8795666f9347fdac4edc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5bda064b06bc078e74cdebef5de65af1

SHA1
f744717dc7b1e6cb6abd827ba0140d42f4eb316c

SHA256
17f0461f672dcab00d8561c49146711f4be3e785836e081764584e8fdf47bdc9

SHA512
d0889dd571aec92235e8cbaa47af4dccf9a88845def5e94c4c46f331db7c28d8c148c1ed7601cab6da74d9d10e345dc5364c88c5b74be6df9f58d959bce377bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bc0236efec9a025a954c85c0ed5c721

SHA1
1138fb9de6aecbbf2a0844317f331b72a836c356

SHA256
081c26161ea94f010800630f41fe04ac12f24e3ddc9ebda9ca2506f2ce9c2f23

SHA512
b8f4fbfa658dfeb1219abe96b1f87b1ac67f2a0ab25ad4cb5ee4f2995fc9f53490c0e024cd946e768687c7210351fb182828a31896fdde2119899efc0754a2bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00f14964788b54342420fca5a631445a

SHA1
b4739893e5abcfeaee4f6a778254e90d672b0294

SHA256
3f4759c1c342eb41e730f721e50b12ce2d476db6f34872a06ac54e708b745e96

SHA512
593dabf3911e43a5e240bec2aacce8a11f7f7dd0a4602e3211647c45793138fbb80977fa3faca33beb2bac801689f968d38ff20e6f4e79944279a8bccea189de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21010db1a9af96550b4589e01dc2e350

SHA1
9f3110a799534dbd806e39848a033d7cad1ad7f8

SHA256
1c03e743083bbe41fe6aa3a9010bd201052ae1705f25fbcd7b728079c09bd504

SHA512
b2bda3097cc1fd05ad4c190e217371fc8096b69a8299073a1993a354ded714ed469833e168b026314d463a5f10daeb19fbafaaf1e5d4c7333d19be34864726eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d2f082736e71fa5edb961e4da7ebc173

SHA1
5980ebe72e1656812340bd57dd1e69f759a855dd

SHA256
13594e7abf74a2ec56fbec82821d70e64d6219e48b0066745f4a9276b20cf303

SHA512
1b4b8890e7579e701302568b7959f9253d9b8377cdbfb0934d8f1927b43c181c05bde8291d02d23e15818fc5b6b3e746c2ff687facc8496022ff5faa6adef1ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
08eb9ccdb3536e96ea0a9f182d55a67c

SHA1
2e93231600967b1c677338b69bea2e78f07bdd9d

SHA256
551654e22da6ea3f3fe0976b71bc799edbf12524620b2bca8ebf90ff6507b221

SHA512
2775ecce57adda3147b02bb3de7199643c48d7973f21923c87a2021a32130741e15407ca14679e6c3e0ffcd0dc999b4d9510b5e5504ca0b1e56db5a9e70d4148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
12b6131511da6a095d32486ee58b1230

SHA1
d2d8f35b0ac0b7f853c3d564170bd10f608b457e

SHA256
c8c2a7c24b176d87caba16e47639c596a62fde8b958de586a86a765ae24ce02b

SHA512
a86e7583a6be676cc1d2e2af0193ded60c420e4b7b7170a65e69cd0d554c78e5d3af34e922d7b9883021b0df0d7e73eccf16514fe2b8a9a90bbae29d520c826c

Download Submit