hxxps://drive[.]google[.]com/uc?export=download&id=1Rv4H3o7kGm35P82XGWT2SnYecpZQhqqU

Analysis

max time kernel
299s
max time network
266s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=download&id=1Rv4H3o7kGm35P82XGWT2SnYecpZQhqqU

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133795804089890957"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe
2128	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 3508	4048	chrome.exe	82
PID 4048 wrote to memory of 3508	4048	chrome.exe	82
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 1856	4048	chrome.exe	83
PID 4048 wrote to memory of 2284	4048	chrome.exe	84
PID 4048 wrote to memory of 2284	4048	chrome.exe	84
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85
PID 4048 wrote to memory of 1216	4048	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/uc?export=download&id=1Rv4H3o7kGm35P82XGWT2SnYecpZQhqqU
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdcf16cc40,0x7ffdcf16cc4c,0x7ffdcf16cc58
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2092,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4888,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5256,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5432,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5152,i,13317556816841036973,16457589012355180809,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\153e235e-b1d5-4433-91d1-737dea2e4b3f.tmp

Filesize
9KB

MD5
14ad8e80d9540873713884843481a931

SHA1
8fadc64eb0b288221f0c2cc85ca0b39dc56acfeb

SHA256
b0911d93e57b7c8d7c3ba1b9ac4286419bfa86b07c48c0ee9d4b4bfeb4912f91

SHA512
d1c3362955789271a4bf9378b796ad6d4e44b5f3550af0fe0baae07db0f80d9259be14e6b68da968bbbea6b70575eae1c817b1e88188144c7b3575b87647307a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dd103d1e8afef59c0752564177c78c84

SHA1
3207c58db051663845cccc1571af5b1ece89432a

SHA256
040c50eabf35197c2821fd01d59f628e854916fe5fc746f5dfc34fe1d1783e73

SHA512
55f53b4c4a42d5ca0fd468463c24862d3ef8f44a676f3c9a8c541b094582c67f396a77518b20398f88731527d34879411ba183c05074e59c197c8c507958608e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
68fcb3d10e030325b47168282a49c1f9

SHA1
8d29167d040504c6f4d92d39ae26c38d7e490d1b

SHA256
385886b1c56439c5a9aa74236f8f7c77a6bd7faec95ff0ac06133916cd98bbe9

SHA512
44d6caf64b72bad9eedd795dc04ad6339d9c1f8eb19dba248eb63c72f8771cc0484a083fa019cc656e408b4c192380cd7919526aebec470fde3dfc6c98a06fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
974a9c93db4acff79e9c4fa17b3d2492

SHA1
6e77fc5ce897aee4a4bb1a42e59f0eb79f8a532d

SHA256
4b3d4475caaf8f08032f3c6cdf78249e86703fb939384816946aafb4e5627fb3

SHA512
350c252645fd6de71ecfbb6111ae831e8c1fb030ba2e788736626412e0c73f0907ad6eddee8e6349d00f19dc2ab3b6b39de4b25b670be99e1a486f680bd63567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e00a4396646ff409857751ab1abde2d8

SHA1
125c358f612c4b65c5a635f4ed8f103aa0873754

SHA256
76f7af12f88e9b8193eb208eeee24c6218002460eb6dbc63e6c688df4b96d2b8

SHA512
245b7207fe6c98bafe62e6036aa076d0f7a843589ddb06ffdb88c18185e86cd5d9b4288e063128188fb305ce8736cffdc2885c2c27a18825c7b62a9976a60c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ecbaba7d732c9182453e6dd34967cf04

SHA1
669d584c27c025f845fe7f5163c9f50256df964f

SHA256
75b1fd719919b8cbc9579b46844a1ea91e68bb4e4014f5ed71248cb1c5513601

SHA512
7457ac6e7350587edd31e06714a42e8638785f436ec6077fa1ee6cf38e65be1e306e821e7fcf7f2aeb76da2c8ae6a05b1dee41c34556c5e488af6218412d96fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee6078cb19042b18c17567ccfcf8a754

SHA1
a2f22e35d451b2ddc38fcca509d247df2ab8bded

SHA256
8bf7b3d2b153a39ca90a9a4889e4a6853e37bd9c2cd50fb1e38c43a682416554

SHA512
63c544f3b700cc6918c08213498d5aa660ab1837596a2a7a077d871705ec0a17497897e5e5cf77663b97771114cca6e7624ce3190766c447202c0f12fe193f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f428ae04c3f003743121467babc371a6

SHA1
82ca9a7f9ae4c6fe380221fcef8f5d794f51c0ef

SHA256
6d4c4cb4e430e8be4ca6e8f58bdc9d3592b8bc90cb2ab35904baba97a726d57a

SHA512
a8eb8139da861730e1a8887c08edf709b0f91074567c65853123316369d644112276257f513b40b7451c98214ee18b620999ccf3f39eb2bc22f2010886828e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1613aa3818188531f54dcab36f443552

SHA1
96eb08e657cd6ee02919210a6a19bf32e013ff61

SHA256
8c30598276ca19a8a52ed05047513a3755eea1d587880adf0877120e070af28c

SHA512
a6ba953518e6b61a75b566f035d9abeb09cae01800fa02a0c15411f4bc9cd730b4fe97b33530b3b64bc20a479c289bf6b580583118889aba48a0fa59c00e4b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c27135a5341e3b37339b3cd08e176b7

SHA1
3d626c7938b9182b3be42e63e00ad3736889d44d

SHA256
9577242217f17f4f58cda541c8ecb2b64e42622e24db1908d85690e4f4031948

SHA512
d182d32f23d29f4b0339eb444abd6bdd48c093456924f8ab5237afe62f27a636379a57c65f36317c2819542d47f861f42b18b415eea581c3a4022dd029387883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6006114b840e1f60c83fcd9296571ae3

SHA1
beebdd66661dc98e674b0a958df6062a45b40c4c

SHA256
0d46b8dfd6914899015fe7d84935eba9cda5f42509002f95c4c64786c2fc087f

SHA512
7c84ad6a600c8d3b69591a956a689ef04420029cb85a014c02b9590cf7eda09e906fd24bba3395892d7f3f8639c4e3bfb82ec1b8fe18292031f3a9fce603d997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c7cf20c4ee618625aeaabbb0552653a

SHA1
d32cf645af4522cd58c5bac1e43335e28925d6c5

SHA256
b888ba07397ef39c1363c05cce6105995e00fc608c1c0ecedf6b30669ae07762

SHA512
b8c430143043ac0dc8adaaf3103b8fdd12934769eb1ad55164d871fc527bd4729f5314eedfd58be265f404fda6ed3bf0ecf8474dc328924ca971e97c916d3269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2675326b4897ba534772036fba7ac96

SHA1
3beba4ae3b5a96808a86cd9d65a017f9b4a01216

SHA256
df9b5bd8da9ea6d399dda9fa15b8fdcce5ea9e5008a582a14ada7809ea2cc39a

SHA512
aa28c61ebc9517e795ae902d0dc170d514b8e5eb08e9c9868b630a69ff1313f786e3c7480cf962b9cd7896fb8f0846a9f6065e1e4423e97892abbad8b15dbd01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3aa6647fe57743e1ac9d848890cd0108

SHA1
c78b5e72b4843306f243387ed9fa47b262903df7

SHA256
01ce2c823b955cb261f9fc3dc468b58d98ae04dc9890d2643a9b02ee7bb4016a

SHA512
186941a8eebcd1c08b1bf3a5fc2251e131fef7c329a0d2423efba332cbacafbfc242c966d3a34690d7e9cf01deb4729fc19994946b01c682d7014dbbef210474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5be79df11be269224a93892494b30606

SHA1
87e752943ff6778ac8cc9448c336a6d0b1523c30

SHA256
5a76725a1e7b68968475537a17af58c582150819c4294ac3055b0e9a6c9c4205

SHA512
13d584d6bf6e72bd22f3ccfad4fee6138c79db688746a4e201cdf4842afac8a72eef105b9156bff58c974f4804d852711e67e65baee2dd54bacca488965e7b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7a68b528444ff3d53fdd562df52ceb6d

SHA1
d55d779a60eae9bf9af87dd80b1b700d1cd15060

SHA256
61fc288e3f3139314e4b1f079a5ca9af5759bbccba77d90c1b16e7d2cf13f1aa

SHA512
d2262b4e1ce47f7dd77ee70e17d001211be3306239d606d6c9fab595c7cbfc8b6ddcaeeb4c7e7aa7e69791d50eb90065a747e9ab98085764955f4c07599408c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a88b7c04c1ef4110a3859278a6de89ee

SHA1
1d6364718ab45fdfc738d76f825f522c8206562f

SHA256
041664f13284de4666a0335ed583a6c7974615bc91265cfe1c071c95cf0c8b1c

SHA512
d89a74855fd1f981d1131395f1e165903e9a9a360977a1dbcfdc98e9346e86cb23c5e90acfe25dcd8e8342cf5f0df03967298d8a3a9b086b4ae5024b17fa46d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
605bb0a439a704562d06f2dfd6f26860

SHA1
a4703d4520da66539433241fabff205db2abbb24

SHA256
c5fdd57762d585d6f21da80852ae4aace3cbe0db852f519c7c1180c93bf63ab5

SHA512
70da92d9441ebd96f074474977dbb7fd9f4613cb20b176a0653745e8e506d4ef11b661bb872b0d0fa2c21126144173f90b892b0f59742e33f67ff33f7994686a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef433563fabb644a31d74952a34247de

SHA1
da019e02357b24a9ee902a1063f185586f8c5f88

SHA256
0b8c81e632beb209a2674eab68babe17714f98891e903d4fc34263b499b11b1c

SHA512
f88bbc5ebe12f2bf7d56ec26eb1f968d063eaa1e2c047c5e0e96f52ee305ad1b7ff0fadecbdedff69adcb37c82cdc993420bd03529f868075d8d5b435c8c4c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b291b511cba2df002e2ffa0335d75c4

SHA1
4b95105428bfbe38b5cdff48226d611316415412

SHA256
0b1e09c492960eb93083adc6db243c0fcb9bd4775202a165abca738d23bf0b7f

SHA512
1ccdf6009aef29cbb44c3de5f8cea2e5a7865c6b416264ed754df8e81b86fcae0bf6b7e5dc382602722b90bdadddbfd3266162c8da6f8721273f0e04d87a6096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
3d0bcfaf62b4da4757df4f3a1d5f7a13

SHA1
a230e5d3005b6c617b2c8613a1ce43fdbaba5fc0

SHA256
9772e2c6f732717402878b8653c99b74beb4fa4019629da113c3276f5b1251ca

SHA512
d171e36e59dcaa3429f475c2c70fa9aa95834e7816e510ef1752905e0ef386dc24a68b36678cf6cb2828617f3e4f0e1c64f9d138fc1c7d69d041818262933e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
dd4d6b0f375756eeadc5e30bce33c33f

SHA1
06bc5e62d55c17a6646cec71e17029a842a73f29

SHA256
0da7a7cb2c4d5a3bce4c658c25be15a7f7c571d251eb4f43304ebe36466d72e0

SHA512
1d5c6eda319b1b22709082df4ac0b5fc04b6f5f7f3bd307a2de622f1fff9adbf98cd30e8079ea096d93917e8b21325cdee19086b80609b12d966b19de7ba40d1

Download Submit
C:\Users\Admin\Downloads\Kshitiza_Resume2.pdf

Filesize
52KB

MD5
469de339fdae75e28dd009d23de3339f

SHA1
e11dcb3ef0782bff4c99e3c1362f7cb9c106c8c7

SHA256
7eabe4d5d1481204598ead35e8301d56926fc52dbe3d84e3375dc476cb5de658

SHA512
c687ff4a90f651e5b2f20120ec2b52bec1e8c80aa82350f614fc421135cbbfb00ef180b99b4cf0fba51fd78132e00d9ebe859f2b0f00b46923c0e046238f7ca1

Download Submit