hxxps://drive[.]google[.]com/file/d/1YfrLXyHfsaHu0C_XAh05EOnsAaZF6qn-/preview

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10-12-2024 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1YfrLXyHfsaHu0C_XAh05EOnsAaZF6qn-/preview

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
5	drive.google.com
6	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133783387530179417"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe
5016	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe
Token: SeShutdownPrivilege	2860	chrome.exe
Token: SeCreatePagefilePrivilege	2860	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe
2860	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 4856	2860	chrome.exe	77
PID 2860 wrote to memory of 4856	2860	chrome.exe	77
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 1912	2860	chrome.exe	78
PID 2860 wrote to memory of 416	2860	chrome.exe	79
PID 2860 wrote to memory of 416	2860	chrome.exe	79
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80
PID 2860 wrote to memory of 3092	2860	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1YfrLXyHfsaHu0C_XAh05EOnsAaZF6qn-/preview
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ff8dc13cc40,0x7ff8dc13cc4c,0x7ff8dc13cc58
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4260,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4948,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4628,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3248,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5180,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5312,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5064,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5032,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=940,i,14378876682766237,16457346634881929009,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
61247f266bff03c8b504a66c41a3c436

SHA1
bbdcbb5dde957bd58b983f7c23cbcf13cf30628d

SHA256
deee694eab2f81d36c9061982d3a70d4497b6e6e61a6c94e9180a9e0d53839b0

SHA512
96d3e0130a584dadf7d4d7363bf8eeb1f6458c5570deb239b8423f4cf4432cca4c55c9de1ef2106cec68457ba1965b938f790f8af07bc3b023fb9b970e2fdc20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
df96284423e74c4f2c38d7247594ac5c

SHA1
5b977ee84ab5ae838e3498e0390ce50015b0c52f

SHA256
b0e9af7a07788af494bb97cffd6317055b0e459ce99744f5fa3dae5c5919c746

SHA512
ec078323ae179b03eae505ca77de5d1d1c3d384f1f06a6b1bc6ddb29308ad89103089de2f1ecbd8eaf81a4716de714a4418679e5e63278f851040b061110500e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
e01197ced4b33f703b13889810d16bda

SHA1
fc440487c73e232b438d38b327f3f50e6313d3ec

SHA256
b2a6f4380a0d19f25535da4f5eddefeac795ebb1519308399b16af375d6a32b0

SHA512
aeaabf877a5147ecdf3b470e10a5bbdfacbf8db38dd5f61ec7d1477bc26ff37c1dbc2d63cde2f1972b822176ca32208fc2305a903adbb2bf979a7771bdf1ef31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
81057cbf58979c0821405a418f1d78e5

SHA1
2c8fa51c834514cf29601687953e619505e82cbf

SHA256
21cf8d4dba94d6382744c5d03c762c9b81dda983d0eff32d7f1c19e9abc90148

SHA512
06cc66e6b0965a24a3f1993b84efc039d106e556685f773f12e02066edf8a895f187944c11bbecc9ebbdd39d65c4bbf495340b1508ba4b5b1c83ee6efe4c1367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d55c1f355106494def4df683a5363e64

SHA1
c5df2195e6e0ba3c23e6922f517c2739f20848e4

SHA256
88f7e32f97eabf42e8f4e670be74e7270a1cfb3fbc19a74d8f834b202bfc18c8

SHA512
18f39ab658886d36fcb035e42b0763f18401b5c356165b022d92b85cda5d89c994194d5ec74af3744d35505e2614b2901bc7a5d228ed6d201a55439f4eb6545c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
61e23bfdf1083a33e034538eb7d00573

SHA1
9113b0b726f6047ae29c094ffdcc0f49f6872f46

SHA256
de0b30e2a0fbc271d84f4909e80d3db6180d042bd9171f9899d9e1ee04b9562a

SHA512
2b72b57287bd93880efd127cb1462142606308042eab832aa4a541f8a312b01fa683be9139f9514ec96f9ddb288e5f1c14b65913fc1495352499a2a061e8a14f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
b8cd209eb98214afa830e704be1330f9

SHA1
e587d049597d4dd355366e08fd5f83e70508e598

SHA256
7a2fbe326a851e89ef773b547718b86b958db4d2fb9bc5040e8c86bd0b1d8261

SHA512
6269419eaa83fa39c43fec34c59461c99fd2aa8cba96937898cc67c50dfb4eb86c5c70cc0a657840218494753cd0df90fa10ae5b700499f1549e0166d1898f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
15a4c084d63db6807878c70f347ea4f0

SHA1
082c68726ad1de4b4831013693db2bc2cf23d6e4

SHA256
299fdd71569c8394edde817595343255eeab8e655fa2fc158248c6a7be77818f

SHA512
ae2dc17cb74d92296f6a9b9cfcb2fba468b4cbb2b70d77bd5f5f05d6a07cd8971d38862347708b2183fc0e8f408bd8bc597882dfa9839b78ab57d696997abbb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d3cc5fe89d0e6c4659ef3b96f643bbdc

SHA1
061dfe1a5b6b71cd8650bf9a943f5a52cf971af2

SHA256
4427b0ac9e1f03b474aec1034c93d05134d4b74497ba47c962d52a1663de4e0c

SHA512
8cccce9b30f50789bb6c45e2dc831b3d38746a10304c222f31ec1170c8667949bcd0a54af157fb3193150b16dc57e6ca89fdf7d4033273258fcd8cb5cf9f43ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2eaf05ada706e0e714b9793fba32f9ae

SHA1
f27f5a8654e9832c00024451fa09d668920583e5

SHA256
80b6c46ce708a6c3561dd260e91eb4bb7c3994800d2201f43dfb66a6774c6093

SHA512
4512a2d1f7552d7225b29b5908fd6fcb584b29651dad5571ef4f5196a27f81d6a65e34ccb74b8e6f3a141d347f800e5781e171a5988d9a4c8386575c3b98ddbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dfe612f7c824692d77385f8975888e0c

SHA1
02b241637235e51ddccbf8f7ea696b55413bde0a

SHA256
717bbafed6f39745e2d33d0591882ab099ed08de9c784a2c977d49f54310300f

SHA512
98173a0a186fabe4e317a635955458ba0736e0d409816eac1ee296b54584f0a46ce196c72e15c616c5efa4e9a5558f7a9d253c2043520f3fe4940518df5e5e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
791591cebfe4d6452e67ddd8025810e0

SHA1
1a54e35444442de019c2c1972748018cca3ecad2

SHA256
e322bf6b5b564bbb505c4fe9a64e88eda19104151349b8b0b048c769353b99ba

SHA512
978381dbadd1f158b82ea0a48fa3fe55f2daca4a1cc8ef58e3ef3f123a259a726f4f56d5c3f68932f10990f701dcb8cf9e909777fc94a2ca7d6a35fc05a48116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
703c88cd5f37154f0d149746b2e7c8bd

SHA1
bbd7cf7ae2918af96e798dc37582ca2e6bb57183

SHA256
dcb36221601e5eed5881e77f7ef8eb0ba0e731866280731925d1fcd4212de10f

SHA512
123cfdc77017bc1004829177dbbed6a2ae591aeae031eb2f1d5796cfb6d30a9c8541ee00f8c068bbbfef0b349d9f51bc377c1a4f8c0392eb7ca13a642c0a2f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ff670bd4958d5d111eb61bd83352587

SHA1
f8d48d7b5be8dc882a7d27d95292b8a910a9a00c

SHA256
0429fbc40c36adf3999b43e6b3683c58941fe8a85f07675cf4325341844352d9

SHA512
3ae3b022f8d424eb51336b43d705e282e75f14b88b5929d44ac391650e37cbd99a726a71a32457ec503bf4e9b9403f74d435d5b9d699e424e56a9d9752119fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ff7033addbd904cad96a5f1df51a17a9

SHA1
163d2c6fd3a20105c060dc2d7d25d2adf0d4f7b6

SHA256
81f103c62bd0f6bbb27c28f48cda758100c1387874cd7a684189fc758f42feb3

SHA512
aff52b17983f75b26b79720500d7014a84667e1d8c6b9755367b80eb0321aebdf140cf78ef3cd54fed880dd5c4da8478b0467b63b6a21253cf1a5b192e7f7f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
22ffbe538000f6a76d7f64d30179e018

SHA1
8f6e54c784895e105c1d7a622ab44621f428d875

SHA256
a9fdc68dd51f346bac320e21be01867a6c75abb90c427d3575b4ecc1004805c3

SHA512
38632e8df43c6f966a7b18bff7c1b09ccea41c99405327f05cd9f4c5b48a7720053d7a5b3b94c516cff52f063fba72c0bca046002371ea90e23f5fe4ceac7628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4c7190dcdcf129f29d79a8a787bcdb3

SHA1
945367b801d5c2b7e0f563aef8ef9c94ff4ee5fc

SHA256
37861aa2c28f05239c131e0fac849595a2203950588fbe57e76f813ae3cb3baa

SHA512
40b5f2a585f600e63078d1c8789e72397aa284aa7cfc524d0991928eac7834de2798b9ab51b1f7dbbb98c1c5e7975ed22e699c7e4b9c84a9f1b4ad167c12d59d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7762ce3933959439310f768a598604ae

SHA1
e07fa9aadba518d933d414bea19d11b770a5bacf

SHA256
30e411db24798591afcf69046adc99b9f9a20e8e2c4bb268475badd4bee150fb

SHA512
9522a4435dff502b2dd235c19345f1267d5f33ae11db9818aae48aa2932cc3ebb819ec873071f924188d9490cc2bbebc4b526c8d1f0eed22d2fb3a127ca94d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6faa766b541d569220fffda2434eeb9

SHA1
bfc6dfaec76243d4a90ddd30e75167ce81b5cdfa

SHA256
31077589d383a68bb0edd639e246a0a3fe22a62b2957fb94063fdec6dd5b250d

SHA512
b7e75ca20716df1bb82f82be0ac858e59d62f7ba4f9038265715bab172d09664fc73dee16f7d843228e3c7adb774db9b73735ab0f3e1839112de5c45d3da7c68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
55978bea833540ab3a6fbd39b314e773

SHA1
4b305986a5e45c434a26fa16a39ee457ecc4b247

SHA256
c58aef71ccb747cb2de53c352c7563c8f6c64dc2297d399c909e918ab980bbd0

SHA512
2ac25a4b47a0c5f501c092f424a53e86a3e4da56931f872a2314ad08bf4e3c6cdc6cc53abe2d265f0d7a2a41d0e5f19cfcef375cab37bd54706644ea9c0dcceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
32c6810457ed7aa4e50f65608d69f25c

SHA1
51f60172fdda722dd1d656fc52f852b99d8e494d

SHA256
41c551d44a4ccb1d934ba6b78e5d939bc82f35bb88c239412684c19481805203

SHA512
d1939122240f2954f1268f1de96a275b3a2753e6e23c484f5a121ef03e8edb1480dbdfd3d546b8ae01a529c59e59822bcf070616d9661d781ebdf1572a4dc078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3a1ddc101a683de789428c73f9a07c66

SHA1
741d56418d81711dcbef99d83993d67765c67b45

SHA256
4489a9a58f9990e8a460c6374dd5cf6a7cea37364a91390dd6572bb4886c9ce4

SHA512
537aa96d7b02426baa6fbebb7369a473fa414ac4c6d5cda9ccdaa952edd095af0a27c269f23e97df21619c706777a9ad617fb1a26599588bb751fd9a60781ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
120B

MD5
1975e563ea531de61eeae9448f5e8177

SHA1
a7fe1593216c6017528cbc6b75d78aef1c664cce

SHA256
ed00a6610cc8234ad64cae24ce89dddf4340392120deff223206302b7783fea1

SHA512
d83b5d64232a1cbfbfcadb6afc17a80b158921d425f216a8e3b6163dd05272ea1fb1e79508d73750e1d0a54ef4b900e2859caafb713fabd505b579fbc5f6f10d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3a4e9d49e2698efeabc80e99cf0b6493

SHA1
476dcc2a396ecbe369540a5b857920e3c5785365

SHA256
96b728fc80c4109993c2beade289c8dde41d5ad5f59c218a55e5dcfba8274be2

SHA512
b1635fcbba5d580d90f4a96a5de1bbc464d51f3d72e0ade94152cc8079219dc0de8a403489e9ecc97d43c32784eccf79029ba6b7a65ae6c2f02e36f673a916ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4d0a3b49f74917654c1f726d078b93b0

SHA1
d7a72d425271370a73b3725dd66c55e67d720479

SHA256
14cba7306165c281a48b7221afb52b7e22ea012e379425cfac23a3f38a0e6982

SHA512
2b231ea9292942099d64086fdbf45e1fa728d2c040fed535658a68a449e5a5aafd2b466681c54be0c57bfb09c4d6d9ac86a06a947e6c2dae7dc1ff154760a2fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f81bc4dd43562e8a0e9d5eb89783eadc

SHA1
f448001eb966717684afe1c90476d5fe901a7b7e

SHA256
ce60316c13f6658594cbcba3534c214300371af847c2721de7386d6821108223

SHA512
923c8e3f1f3ce6655c0c808d5fb0dc986ded96056c0f462ed676a6c6c81ba6651e16f35ab33c50d0089f23e3ed0807f637e08eccc84e5c2ef2f1090e9e9e69a0

Download Submit