hxxps://drive[.]google[.]com/uc?id=1UxZ22uZAf7D-EgC-ilXkVYw-XfjH32oS&export=download

Analysis

max time kernel
299s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
03/04/2025, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?id=1UxZ22uZAf7D-EgC-ilXkVYw-XfjH32oS&export=download

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
3	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133881735186095694"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
1892	chrome.exe
1892	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe
Token: SeShutdownPrivilege	3028	chrome.exe
Token: SeCreatePagefilePrivilege	3028	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe
3028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 6060	3028	chrome.exe	86
PID 3028 wrote to memory of 6060	3028	chrome.exe	86
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 1136	3028	chrome.exe	87
PID 3028 wrote to memory of 2224	3028	chrome.exe	88
PID 3028 wrote to memory of 2224	3028	chrome.exe	88
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89
PID 3028 wrote to memory of 5800	3028	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/uc?id=1UxZ22uZAf7D-EgC-ilXkVYw-XfjH32oS&export=download
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc1b77dcf8,0x7ffc1b77dd04,0x7ffc1b77dd10
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1772,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1656,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4440 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4700,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5196,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5556,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5224,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3876 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5384,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4592,i,10067890590815997825,16732849633671064446,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3252 /prefetch:8
  2⤵
  PID:5200

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
844754a235fc486fcb1cf1408b044ff1

SHA1
12f0bf8d05dc7f7b2003da37e9fd53b4adafc340

SHA256
ac03032a8734a1b942298f05995ed6ad2d37c053eed8675a7421af809727cb57

SHA512
f453b5d684a5a52f6800a82cc8f129188e8273231a54e58821de72b4f3729c93b77e5cf594f98ae001b25f7b47361d46d0eb8ef8f84f354eecea065d27368948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4952c081d2e68ee752a1472a5837d8fb

SHA1
0cf95bb67ed41464209821183d182544d3ce2948

SHA256
808dad7c70512a0439a41e8aaa5a0c909f82eb970d0b57edcbb2cd9365603619

SHA512
90575d809ed3c0958d198444e28d1ec23116fa11f762dfc73daf6795da4aed965200e0a81885508ad2daa779dec45b010f076a3454286b4e02486b659d9673e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
69467e4595abe0470db32a703533ade5

SHA1
c067aa7fb3e0c878f5c8b5af004c40946192fb60

SHA256
97632ec4719c2554c0933713223baaa3216923350aad41e4aac8dc36bc010a1a

SHA512
74505e7f5bf3a6cd108be34ecf67b8bae6b39e901fbe20ffd326dbb5d9b718974c233451d11f4a096876282aaedc6203e1579a4230f481b5d474377f44c556ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f7bd429fd8741bc20871bb4f4b55d7db

SHA1
ba015e90b44f0284b86e00c00b91c607898f74b7

SHA256
41f6d71da54a66a8e94238c511728ccd24da1d4ac4c8025df81d41a54f9cd124

SHA512
61799ea8c2e6b68285664f7383f5e10aba7372c1bffae3320ad11f049a7aa51d2fb8a204a33f87596a3a694cfb66e0f20334bf5107b1225bbafd62d519cea842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fcccacd396320ab0f0d736cc1277a4b4

SHA1
e99b905857801571d2b58d1a7c10c924b447869f

SHA256
0ca1c18f6f055c26e3e36d5fbdf1b8dd0faa0fb27d50643dcb2689db8a69a153

SHA512
8e5b44ca6730655ef486527f5828c0fb422a70a7c52d86db5fa4f6a53bc8cfce30554ee6f76794c067cc0c5418d12a5c8b76061e7ef9fe7862a97b070a3e13b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3aa7721cd2e06bf27c1b739cdd89d47

SHA1
f57f8ae7445552131877a4053f960c3fc9c17f25

SHA256
e2d165a04bbede0f07edb4208c02f4d93bc16cf4430362851c94a00e1eba5e72

SHA512
7af6dbcf0abf7558593c4790cc35e4b0ec31db06162bba15d56460ddcc20a74f3262f9bbfdc799001a290d52f12daab4c2787f66340484bf45b4ea054656eca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b96c1ed7fa9b3fd5a5e5f2dc33660b85

SHA1
104296754b341f1846caf22480143b045963e29c

SHA256
9270ac2d24d4d5f1b88369d237c9a4f8c2eb0803c2bcf90fdc46cd4021c19857

SHA512
beff75280d3071b87d9d75a982c4454a263a79ad5b65764bd598fb60fe5d1834eedd3a40adf7fa9aa11d1a42cf13419ec6d7d967606abd721f8e8f4868d4d94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c133a25cd9b41843bda75a2a29b96c71

SHA1
5040c145c4dffa2b20e8b657ad52a55a5b269b06

SHA256
c6d92f2f4c473fb1d0c8225951d995ec128cdc558ba591e265684ce62b1448ee

SHA512
f88eb26f0e6674595505c67336e6824396d69eb3f0578ac11f7da17740a43a5a3e5044bc7972feb307953b6fb60e16983fecc4bcc426eab26770d1ce08fa0d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b14e.TMP

Filesize
48B

MD5
026e68e4199041682775927702109b39

SHA1
d3301f5428d6cbb4897eebcd3c0c64dacb63b078

SHA256
f90b6ed6123a44dca215caf9a98fec02516cb1325ce8472ff644153548342c38

SHA512
d809b251a6c027c11c60969ae45e1bf6c326e2b2e622251a7ec8ee7e6af0c4ca9abe35681b44d90bca526379cef801e0be019986ce887ab7d638c16af3727d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
8a26dbcadca0754edadbaa20fea8be49

SHA1
5e1abd451ab6195f5a87dab338121a3925123605

SHA256
3272eb1014cbd1372cfdf1f140555b3f9fc783cb592ddb75c13ec2d5b52f2c85

SHA512
daa7fdf89dc4194294ee61ca91136b5f1935094a7c4e900916145c68849652de2a8b77bd0f3987b1742f3cd2c1043af9e00e9d5b5bb046c1dbcf5a96e9c37ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
29ee2cecd686e8eadd9afe8a2f1b4e2b

SHA1
786d04a7696bfcb2e99cfc8e1e0410fbaeb21c7c

SHA256
fbc3008a99800bc2ac4a62a2a1c135fc0296580a88a114d3cfceb8268c567b0c

SHA512
70decc85de0e8701efaab683fd26b5a1392aefe958c302035926cd6a140b2ff63da1b35b6e502b16292257c245ce527f4bc615c2d733bdb05d182a53b4f01256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
b8b6df73e8f283ef47baa88ba720465a

SHA1
12513a2c117138f876e9a251143905da7f77fa1c

SHA256
9e73ed10f850d34eb8edaa818dc553b59d552cf891fa9324813ad4bed962230b

SHA512
878d58393af3d8d74f98aeaec857d547a62bc22f80ab52b761644e10c2b8a6e98283154f64a5a53ce3432c94eb0603ddb821dabb0ddcaeb8b98724c9535f18e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e51030d5a589936be5dd9eb9098b257c

SHA1
0abcfad522eae4509befbf16522d6a6109796853

SHA256
278e7a1beb07b301e6b9b48d6237b798136eda00249559d307e5e92d78fa031f

SHA512
1b7d0dc7aa3b0b7a62710579e4d024b0ee02302d1425a28f3864688a6a4b75daf7aba20de1525abfc015763a5c03378b2fdf8e99a7b39b0890932ae5c0eb9f18

Download Submit