hxxps://cnrefs[.]com/?mglupklg

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-es
resource tags

arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
21/11/2024, 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cnrefs.com/?mglupklg

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766863624922184"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
112	chrome.exe
112	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe
Token: SeShutdownPrivilege	112	chrome.exe
Token: SeCreatePagefilePrivilege	112	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe
112	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 5116	112	chrome.exe	77
PID 112 wrote to memory of 5116	112	chrome.exe	77
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 3772	112	chrome.exe	78
PID 112 wrote to memory of 456	112	chrome.exe	79
PID 112 wrote to memory of 456	112	chrome.exe	79
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80
PID 112 wrote to memory of 1184	112	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cnrefs.com/?mglupklg
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6223cc40,0x7ffa6223cc4c,0x7ffa6223cc58
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3808,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3232,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3268,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3508,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4984,i,3451823529657421491,6944535486709309968,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3948

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
05b0bbb9cd0eba7a46348d6c6fb55825

SHA1
6fba43f61cab2012ebdf39519ea31263b9e88636

SHA256
ee9c08c1dbf7715d7c0115e4d7ed449ef604f9f354bcb5bb820298a9e729c5cc

SHA512
bdc174c12f0f9f3e29d92352d47262ab1ce8b22ce7406481fab6e4f8a941b0af1ddad84566fd32b0a32f247078e1775fd908508bc272ff378cfdb0d2e6cdee05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
afa571dd38c8220c90c9297dabfcab59

SHA1
af4105adeb4461fe2f562943f9cd9bae50cf0996

SHA256
3174a20bdd26d3f0f9d4b7788096c25dfebb66c968b339f510ace83279d64416

SHA512
ea637eb5edd333e6f8b8cae31a7d7ede59abd0bc4462ef50dce13e052506db2b971cda910d0e9282c3602712d73e64c10ac5cb2504702b5577145445c9054d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
06ddf949f0fd51b1ea13ed78f575c114

SHA1
6b20d122c123c61ecb294fdbb8b313dbdabba2bb

SHA256
972651e96b9ba33741d605f114415880f663aeb886b2463ac54a9d22ac141acb

SHA512
382796574810132ba070830a5b8f364cea9d2c2a9ef3e4bb5c1d61e80cb069f75bae86246aea05aff4401899860bbcf9f58ab26a6f1cc00c0a8850fea43cc768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
32bf68c9fac643b8d668f99ab7a2d812

SHA1
59d9e94c2c17f16dae4356d89581f50b4ed5c7ae

SHA256
9de0cf53fb24e8a58e155ffc4283227b032824f835e150f7fb3760d8553902f7

SHA512
6fe58cbd445ff3434d096eead1d9abb5fd902296e5e1486f31756de2d889e45a2deb474efa8d4e7bb8134f7fde5c60dc888747f2d8922caf139368a127771b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c86477b6d0aa4b7ebc9e168adb0bfba9

SHA1
027f237b4cb2c68b0771d9e84ade2b14f2f1f72c

SHA256
253ebc9170f94f7aad19aaaeef0a50e26eb3e838212436b1c47b7b0fa401389a

SHA512
21225b504abbcf031f8a366b1eb08303e1245fcf4e22bf03b8267fbe5bc112c45f1b7a84689be4368fee9e8d4ab5f8fe3d15ee5ac00a8eba5cdab8927de784af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26ab0f4e0c6144e7bcae7115102b8d81

SHA1
8d7106aa4705ebd722c2a5ee01957bfb3f6b580a

SHA256
95440c147bdd862e9d301f8b3836cf5b6c0e9fd25623809b00da706354e7a456

SHA512
50ce2b82b020b97904dada77878271031ba6cc533524acbf458aba45693a0f3e9ad5908544e1869afec4f5d444a86247cdc58b9b1fdae0e0a0a29882a5f19498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08eb01bfe3cb62b023d91136b5bd87b9

SHA1
cd92e1a11bfd71d3fa8d8b79800cb87c150d447d

SHA256
40a4a0e73c801c1e45c0f47a8e211a726d09161f2523922c5d38859bc960edc1

SHA512
b5d149eeea0d83ae0bbc7f8f9fac665a9fc92ec5fd05066ceca8bad05c400df882c250d88feaa0873b4d37119d86634e2e2213992a04960faadfe92f43e1c14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44877ff3cad5762038cb8df8b5b40067

SHA1
7e6387c0bfe2703eec83bfa6ace27a707ef6aaf8

SHA256
4de32a34d7d2e28e1367333a361aeda5c608c247fc9b3b83a1d2e9db1703c0af

SHA512
8bfa0202dbb6083443304f3818a9240d950f21bc3666f69ba03b8cb1a8448f246550b7830ee1101af76ccc8c82a2e64a964c05736c30ce9d3e461291f59b4d34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fcdc409d764afa75d0c1cc0c09fdfb5

SHA1
b639c5a1becf816e33ceedd0ece9c4d88bc5c84e

SHA256
72e2e0ae0874d7d69ac3c17cdc4f3f322354e31dca04e5ee83c937debf0b1eac

SHA512
c9a8f2fe7f17aa212cffb64b081e34126e32e110ae031b5309c3cf017ee2640f87c4b83e136447b8f8df4e190ed19b710d82f315a13b07d034706b488ff707f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95c8a4c9be395177a451d19aeea555ba

SHA1
6e4df93ed61476ef6f1ca0c63cc7e6a008affbeb

SHA256
6139d9a31dadcd524bbac0de9136caf76ba8ae6a0be36beb0fe40ad371c0f94c

SHA512
9c874b9017321f82b63dd34f3dd0eceab4dde8f2621c668af1ed32258a7ddb3da5dc383c80c96f737fcab6bb941971aaccbdde08cd2d56ab1c808b27c9d96ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39f59b55d99d471b730e44d521562d2c

SHA1
840ba5af91fb75f433f87cbd36271628db964da2

SHA256
908035c6873487230ceaf9ab2087cb8789da4131765c7e388032e50ef14f6c31

SHA512
483040ad5ea9e3b1cab9c3c391ad598fa23e06df75705b3fc7a5172448c46978a1ee6c4aae0675891e42b75047512b6f7f6958e0e12508571a9686809dbdc1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13e292db33d09de65c1ce400eeded17f

SHA1
cf84f073fd7d18265c42286aa856a94935023ece

SHA256
7c074c25f6d64d54f9af73b378e8b5b5b81b8660e81bc7f6233f9d720392251a

SHA512
ed6ae835eaba0a19640b7c02ef2cc2560763b5fa4c988bcb19181d8ed24e73b5283cb2ba644a15a0ff83bd5984b69fcc1fd0cf1d742de967e290a545f400e78c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
477dfd54d42813984e9f2bcb7d33daf5

SHA1
6f1d26697dda882af7f3e698de55fd0d96a61ec1

SHA256
d14368b04a7620ed1ac18c2fd03e14763fe5876d7c0a071cf5260a227f131b87

SHA512
3376307f1db6944831d2495d09e76793fc6f7a2686348081787a74896b1039338e7352fe12b14540bce1f5a30869c9316e8b04bd09eb1969eda6da7ca3295262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ea52b04a659256225ba16a299dbf317

SHA1
713db7b527f63c80fbd2791fb361da9604c053d8

SHA256
17f405cd4122234eb57fc18105e781154727aad61ed9ddd63dcf6e58161f6aa3

SHA512
d3c27cfcbe58c0c5f723271dbbcac048494e5878f5e8205fb3efff35b9b56e0af7b562f333ae66f8ad2479bc4f711bd93b2aab5385867891bf74419636811e31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
179d72ff603c2e17e4817297a8b2ca63

SHA1
dbbbb99ea6c78902034c7d55736b9c0816ab9190

SHA256
0595cd4b491ae1ddf931228d9cb58e8babd0f1f9625fd5cf6d9af246f664e48f

SHA512
6fb90311839a5301a458668b27952e4bd227231fb007f04b014a2994d643a46ba79eeb2ef249cd935a09d8bbae956af6f7d41ca77168d2ca4a7cd130505a8076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
1328d9f0931931218f356f3f71d9a16c

SHA1
abf2752e896bb4a789bd4cd81df8a35b3e9fad6d

SHA256
26959f5a262d0a18b303e533bea1f4fd294cf6d9df2ce29483eb324bff9778f5

SHA512
fda3096517e2a95dc08a0d157332126bf7611852e653ab48f3dfa2e46a5780558e72b6a35bbafd56fde0f42ff28e0638c58c011df0dc6a6548e17c88568a865f

Download Submit