hxxps://drive[.]google[.]com/drive/folders/1BUPvpIj7yOpnfyKcnDPcDG9Kji6td21d

Analysis

max time kernel
77s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2024 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1BUPvpIj7yOpnfyKcnDPcDG9Kji6td21d

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
10	drive.google.com
109	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760502653411906"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe
Token: SeShutdownPrivilege	2980	chrome.exe
Token: SeCreatePagefilePrivilege	2980	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe
2980	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 4056	2980	chrome.exe	85
PID 2980 wrote to memory of 4056	2980	chrome.exe	85
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 4508	2980	chrome.exe	86
PID 2980 wrote to memory of 5104	2980	chrome.exe	87
PID 2980 wrote to memory of 5104	2980	chrome.exe	87
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88
PID 2980 wrote to memory of 4416	2980	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1BUPvpIj7yOpnfyKcnDPcDG9Kji6td21d
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ffe069fcc40,0x7ffe069fcc4c,0x7ffe069fcc58
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,2432541760008392658,9610351909469863106,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2012,i,2432541760008392658,9610351909469863106,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1788,i,2432541760008392658,9610351909469863106,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2588 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,2432541760008392658,9610351909469863106,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,2432541760008392658,9610351909469863106,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4868,i,2432541760008392658,9610351909469863106,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4376,i,2432541760008392658,9610351909469863106,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4528,i,2432541760008392658,9610351909469863106,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1580

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2328

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
33ef243c1c0f247e5cc7e8ab02559467

SHA1
23c08e4965d3c0947863f1d84f15836caaa29ff9

SHA256
4fa16737d35064def34bcf041f785823ac04ee0a5ae5f1a5cc43f06537eb0b9c

SHA512
5efe439abca9738d50857d7b31389e7dc4efdfba3c8dc9fff1f34eea8e5364e639d1202a110ac234532843174247bb03a70cb1d74315dba7e1027f048ee00046

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
33KB

MD5
8d3c9ad0d2da7700f9f4025d78a020af

SHA1
850f31105791ca8120baf53e0c6e2407c2e46f92

SHA256
64bcc7f9c6d4b9ce6c38ecf0400da133c58afa82fc8c24ed1f87f27d7f215e26

SHA512
7ea30fb996929aa21a045b468bb098be755ba348b9339a82ca4b80644a002cc79015b4e664969458d03d936c692e0407520387e10a3d9d5bbd7cdd92986d895e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d72ac2199a2bae0ac28080dddd96d8c5

SHA1
7b25a2e8d8d3604b5f76c3c06768f81a19b12ee3

SHA256
11c11bb87e1a2101b04c37e23265cc2b6c2547267bd905648cb9ff41a702e3cd

SHA512
9c16fe38447fd1c02c027e421952200e993658eb67d0bcc316e8fa66a2d0e3f052e913259a1b0f5853cfc09ac3e42b53d030b58fcc6321f293bf44eff12956b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
5bc74bd3950b49c63e6d422b1a4580e5

SHA1
af2d90c82203545578f82c565234b24fb4e9f7b8

SHA256
49db0c303dabe18fdae433ab91d7fe9ff941ec884f0e363788df3882fd064915

SHA512
f7c673b02c3a9d0659ca67f8a025a3ee6456226df64770aa211e7681dfa87540c9dff90d978e2343fe0fb566acb14288e616b3c71d1a4366cfe0b4f9be997473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ac9b379fddd2689ab3685b7afb528360

SHA1
0278d8d94b102e3ea9623f94aa1b380f62b63f50

SHA256
1f70101018ef65d3ce37a92f8a85de594c7c4002d081d3e820e1d1c71853ee3f

SHA512
8a9206693ba331cc3bef8a281d6892f3b3739a11c6658f1de9b1e8e53f2fae24571a15271f1dd27ea4a0184a42c6fecbde2d9a48632ab36252879bb2d33a648e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
42a39fead46af3b2eb1d512ac71aa982

SHA1
7ea2924957a2ca6585677cb67963c04713efd280

SHA256
b266b18823f7d1ec50c708aded79ef29f357add96ac4b56462aaaeae3f42dfec

SHA512
c6dda6aaf0d3347ec1d55ee1e0b58c9f2f15cf15029d72552d85f4bb1e18c9489639dbf296242e1f6099e0db9e9ce5b636b6b5c2db261b4e43a25ecbf1a7fe9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5db0c712af16f2e2c0f576515d3e9d5a

SHA1
0521d3c5851a2aa2d299d0da3a720ab7080984cc

SHA256
a09e13d0a91171f85a9a86930bde482cf6ef3d911f10f39d789ecfd42bf38235

SHA512
d6bd8900b546509ee1e02384c3c290a5f2f9d08f713055e6d66c447ae411985a4de391218930249ecc6daef470c6328cbe1e6376049d4c291539e75ce9a0591c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c715347cefa44ebcd179ce91cf0c49a1

SHA1
7a2bdaefc50746c14cb977c0b3d70428b9e0d194

SHA256
ab06b749f5139d4c685c3372a7db81740258200b32cfaf8e7cc1e2be60cae9d6

SHA512
1a45f4e218938356c023d45c284bb02b26784bd513838a2c9d08d5d059086f228d81c2ff1801f7d8b6cfa0363069a6dab1863d806e9b85e6042d276d2a678e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7263f559da23afd78ae980b0a1623225

SHA1
a386040724d7e944f7a7aa91067a1615c07d887b

SHA256
ed4fe8e1491bbbb61d52aca32d49bc76469899cb3121e79d73f243010773470d

SHA512
8eb4cfc1d8b545b317af5b45f6162454172523ba4e0b42f55c2b2a6a1654ba44520aeafb849303a416a9f60262e8345657bcfcb6ed49ccd21c14c4f61ea981cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
530c9f940f713459f616a89199107cfa

SHA1
5fa66c47ba30d87d9c85f2a1fc6aa81fe5702ba6

SHA256
5cb18d5565360259ab369da78480b410ac6c09e5541065d7a61ba898a324621d

SHA512
1efb2ff17b7b8baf3b02eabc187a01db7130885ef2e8eef75ecaf6a1d9de21b7a2bd661fbb61d6a643d8d05603560c10771faf00d6d2396bfd172b939b03969b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ced83de7892bda9e27c0b2fc8fd35d7

SHA1
88a16afaada54249a5969dfdab04f4306ef61ba0

SHA256
c00dd9f36b3cfa6531320743c5ebcbb64c73de688cd728270ea6faaece3d10b2

SHA512
bbee601143f69815d215123ec6d2cb32efc9a3d616a4de08dcd2d1b351bbf27ac904ab3bf8b20c4213531300186ec9d631677528d47157800c2c9b86321a288b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f61e21aa23b7a77d9dbe529d1bc7c13f

SHA1
b6701470c112ced25893dfe801767705d48970da

SHA256
f3968b73f6c75aaac99447a8b900aecae155d97dc622bd2e28c919448c2c62a8

SHA512
3e132b279a13fd11f1e317526c8d4bbca06b1ad3062bbbff526f058a89981f01e36356824dd7130e494620b471aa3484f31e5658574f4a7fef9e8923e186783c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31b0896de119fb9fc8703cd8693d0b41

SHA1
01d2146c8eac582ce8a53938057021e5fbc0567a

SHA256
0506a2c3ca7a6226f26e46f923041722105a9fed7b088f774b142d8a6169a7d5

SHA512
1111cbfbf48e22b6baf33d13cd3112a3291514105a818703b577fbbed1a8cfe2e2c359fdf984106b6fb232a7c66fc8d48db6027a7da4995b1c225a9ccac13b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b20eeb2e9e8d0b776e4d10116701f52

SHA1
c3589256f910d4e57b4f34af60d6639fc40a446d

SHA256
45df7ba173e98067b16d4ac50a987749ea81a3b1c91fb47cfce0029ec6520c5d

SHA512
40472410ef3662cf5674dd810ef49c0b27dc833f9b207a89b0a91a5d24c4c942d02fa6c26f2b2d2e0c68c213d70bdbaf2e871847f2f80f30b5f2d52a6ad41244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
90B

MD5
e27be7852bd2419f1bf32a34a1dd3787

SHA1
4183f695e225b322cded5e11795022ea9098ce18

SHA256
45d35c262c222f03c368d3d93ddbe4fd9dede1544ab2e3a50940427472767004

SHA512
ec672fe201dae616c6816a20a41baf34a879939f87f965296e7494e29421ec08618eae20936da7d3fee12a47e8901da15eff0c098b1d2484bddd4f082f50c35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
154B

MD5
223450ac942fdcf3ab501f671cb17d8d

SHA1
122f3483de298d7317b348d6f4e0af5a224fa8b6

SHA256
68a51a8ec8733dc0636e4a22f4c68cc1f09da8ca6f4a13ffcadceb1fc1b28e72

SHA512
db34b7e41a9daa3bb8f2bdc5eab7ddb90739f9343d50b3bb8a70e13ae7e6efafc8223a65a5fc8c902798fe8ba332ddd4d1f8118c60ae5a5ad31563ab1093b938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5802d9.TMP

Filesize
154B

MD5
6e2d5d0ee93f0d7768f90e567e72259e

SHA1
219f530f3ecf1a0fb381f3aeed0a388a6d20db9c

SHA256
dd4a782e319a5afb20514f159a30332d51ceae4c5766aa5162f19faf674a143b

SHA512
62df543da92358fca1e6a1b6a91a911b11b3e03d4d8498e14d3aa8e703e8b35670105a88ed69f4ea6ca6d7cda864f85164b8d1cf00db7a166c4998742449a747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
341881f120d80cfd173051296abd09cd

SHA1
d2b2717145f2a92a3cf2ab59a78eb6b89c23ba47

SHA256
500d0d968ff54273f77c92a8985ceda7ebdcda9010927113d9312b0d119a5389

SHA512
c13e9e31eed63c69c9ebabf9c5c05cd06a72d65beb829dc36056e857a1c17c0a826c8ffcb937fd85921808bf9e9c4c6c5cc96b21205098b6044de2dff13e815e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
7f52ae14d0ecc8c219734726ce641f59

SHA1
70d46c0493f45e4f95043e085f052d2413750896

SHA256
d3174591c126763a6790ec8c3dcd2b8e7322967fde7d39e7c7708b2dedf5e276

SHA512
87a3c524e005bd591e3b2dd78e6e7361e1e5135df42486df130c754f266ea999056b320d205da93167200abc49b3679a31a221ddbaf91af30eba12b518285ee5

Download Submit