hxxps://drive[.]google[.]com/file/d/1ueZbNGubLsuj6y_3kX5xZtRNWbf1vWXa/view

Analysis

max time kernel
27s
max time network
34s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
04-11-2024 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ueZbNGubLsuj6y_3kX5xZtRNWbf1vWXa/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
7	drive.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751781699338115"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe
2968	msedge.exe
2968	msedge.exe
4152	chrome.exe
4152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe
Token: SeShutdownPrivilege	4152	chrome.exe
Token: SeCreatePagefilePrivilege	4152	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe
4152	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 3356	2968	msedge.exe	77
PID 2968 wrote to memory of 3356	2968	msedge.exe	77
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2768	2968	msedge.exe	78
PID 2968 wrote to memory of 2132	2968	msedge.exe	79
PID 2968 wrote to memory of 2132	2968	msedge.exe	79
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80
PID 2968 wrote to memory of 3384	2968	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ueZbNGubLsuj6y_3kX5xZtRNWbf1vWXa/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc89f83cb8,0x7ffc89f83cc8,0x7ffc89f83cd8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12849403928924048183,7060934860575582255,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,12849403928924048183,7060934860575582255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,12849403928924048183,7060934860575582255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12849403928924048183,7060934860575582255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12849403928924048183,7060934860575582255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8995cc40,0x7ffc8995cc4c,0x7ffc8995cc58
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3740,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3732,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5036,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4616,i,16191418002589140985,12114179874122117851,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:724

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
40fc0d8255218d7697623a9c730805bb

SHA1
7f8cb2183b3f6dd53f8bff374ccd51d5b6252c1e

SHA256
ca65c256c3fceb848ecf5cc095fc28b7ce4b61e4ae97397bc6f9e2b600d1d2ad

SHA512
b3c2e51285790151365fc7548145c73fe4198b8db4e0ca24710f59c9056d0a0116e0a38ae588db6dc6c8d41a576ff49e42302aa7ddc0443e337885d65e71c07b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f8857dc73af5524f97c19ec3e403dd3a

SHA1
96b002d525f8dc065c9c34217ecfa7057f679d7f

SHA256
eea8d73b01ffe14fbbdff530d24ec4783b4eae83cdb1cdd8536547f0b9446fce

SHA512
251ba0cdfb7e3d088bf0d20bf0a1a319a72ff08d1fc06f5505dbbf8ce14410c2d6861a09836e4852498cc1509c2421e0a77dfb1ecef48df3b69a5de3373f66ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2729c2dcf4ba4073db060ed71456281c

SHA1
6c63b0268725ada4a8de1174306e100607503e82

SHA256
f143d0a959b76ee802ca32d188d56f5c7fd8ee0b6272d620e277c6d938e040b5

SHA512
ec22f60056f067c2ee200471d6b0aea5487821bae28be4c95a1e2ecc615b6dcd07b77eaee80d728ab4fca5e85d8cc3349592310d293f8187a5e40f12ede72ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3523debece6748049db856592ffd2452

SHA1
0d48611ffb2dbfa3c514fae089fb636083c56241

SHA256
3cda26af34e81d8481b407faf11dbb66912b38290e273a405194e63540aeaf59

SHA512
f3002e727823d4299f757e0dba035b58c114603c4e51fee5515833e7e7449aa92c3d8f6584ba10fbb47138f146e4376a03d15dca2febf52f2f131732f00ec982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ce26db93c251fcdbe1544a77e9dee02

SHA1
92a3084ec2324d2fd1e5348f30ff7ce4d0ad6cf4

SHA256
c43e85bba9d10150e4326ebe974e6ca7bed262a90a337c3bfadf33dddaec9a76

SHA512
99b34e09f0a627f3ccf1f7912a50007c62b76bb87dceefc49d992f01fe1f4056d14e40903425c71a1b569962382a77b5b01e1e91c96b2eb734daa1b4613eead5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f98dd12966869866a3707990fb88805

SHA1
7ba902dcce4bff8fdedcd06574d5d245b22ef934

SHA256
5ea9aae0f812895ece1183f28b2e2f78b6a25276e4fb40525b33921e7fee194f

SHA512
973ae42bbe66768418dc75ca616d760ad907e2c15aab9da5a9e23f5422211c3cd7e646e9c4361f30b2f205e3d1edcd26e687b8c4f992c66d8384d07615a087c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7145422066726f632a071fb26e436990

SHA1
722a8a74e1a76bc4b2aa3f73da820d7a43e23151

SHA256
2db997a3ac1da6cdb2017f1823e2298fae36ab5a55c92f8d1e576b7b1f899227

SHA512
dd66dc5a3c87569a8a767f1c8222a8ca99d1bc1638f4e9f3f9f5fd44e1d18cf5c82b34e318d74f8d17c62b550822cede815616ad8a3cf220b34648b9065b9aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e9a5f24b81693d36ba73540d408cef60

SHA1
afcb6a7b115219aac9b2484324b5e497a9fabba5

SHA256
ed82923ed7f6f1be896f79ef15acfa783d2cc8d57af2a0fd5d7e7f03fc18fc9c

SHA512
f3c4c9125163311b6d895b9c9935e46851d2ab991dcc1f82942149c1d558cefcb1692e5b23b75b51a4b69158f63106e39f2b6ba18c4048044860651b413a7ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
27cd0a15f0b20937d4cb9d1a42677c8d

SHA1
b4ee815e7f02acbfcff8f799b07b4b2e39ee0c88

SHA256
6971d63b1d97edb3612d0bb8677afd78b7be274d4ee31f69355724587c16093a

SHA512
a9991d2b1eb5fe7fc4a1ba1115f0d946054052f3a4eb8009967b87cc0eead487ee0302b7176033e992f189c4fe5e3fd6ab8323d8e5e27fdfaf80216a3381e27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
54a48a6b5a2e0ed747e64b1414b55cb5

SHA1
af3f0c4195a2e9b69ca43a4ed4b148d2a8c5b422

SHA256
de64f5d2240262512fb0a121ead6cd38c22b5316e5483026b260494797a67b7f

SHA512
4d3d9edea8c3797d37a8855c6f5e3fd40a55f23361a97f54b1719a301aaa3029216e09bec0ac6cd68024694e6e30fcd01c043838e003c5ef2ada6ee50c25e2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c9a99df21f358108a010cb61784be828

SHA1
08d24041f81ef6c9a6ddf01a2a46de4d5040c590

SHA256
5ee8753f7a1d10b51511a101a1bd8b2571d693b3dbff1a09c7f213d163af6f76

SHA512
623b96262afe9d8e6bf0abe4e20ec99915fd3fed71c7780d38096806ac21d6b2816875f957e7099ab24f1f891f36d1095e2501150185b8d1bfb30387c0c6e9c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b01f9e9b01e87fcd69fe0a0451fb0f5b

SHA1
d7ca0a98efb9e55298363fce06bbe5b4faa0d815

SHA256
1ffe5968e7ef39cb89eb125802e71ddc49cfe48f44f64a4b04de4591691eb18d

SHA512
59ac5aa7b76a9a729c17f033723d4469fcaab20eac9c057ca5241fbfb0c05c00e9539dca308398ceea09fc7f5ec672b1efb0cbc629e89066fbba7dd94a298d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d791bfc7adf9ce0299a7b569eb4a45f2

SHA1
16bbaec2dc481b08a0dfac262f50d17ee49ccc79

SHA256
1f8a78f6d01eadf6379e15a54b26927c54234b288a7c8134960dc7040ad33edf

SHA512
f91be08b816653419e88d23b5165e5f99fc3fe79b7a17312768b19d1859c47de0aff582df07c75b06499083086d9156c62f3919249c782c5ac98d56f6933e6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
23505c6dec9060a9579a6f2c64a0c908

SHA1
40b6357d0304b4545e9dd835c67c1bfca5a80a35

SHA256
8d595b6b27a67da360a9bfefaaec15f63d8cff1f0041b4f871476068d24e3ca8

SHA512
47345594dee3aeb760e15406fe1653d9afaf6605f48b36ccef7fbcf3d78a69cf27594f4b4fb5fc41e5b0d8b318e3cd11ff939e83f47556bf88294788bb39ee20

Download Submit