hxxps://is[.]gd/aFeQHv

Analysis

max time kernel
299s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2025, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/aFeQHv

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133894012638015195"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-446031748-3036493239-2009529691-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
1308	chrome.exe
1308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe
Token: SeShutdownPrivilege	5648	chrome.exe
Token: SeCreatePagefilePrivilege	5648	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe
5648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5648 wrote to memory of 4948	5648	chrome.exe	85
PID 5648 wrote to memory of 4948	5648	chrome.exe	85
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 5772	5648	chrome.exe	86
PID 5648 wrote to memory of 456	5648	chrome.exe	87
PID 5648 wrote to memory of 456	5648	chrome.exe	87
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88
PID 5648 wrote to memory of 5696	5648	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://is.gd/aFeQHv
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdf591dcf8,0x7ffdf591dd04,0x7ffdf591dd10
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1972,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1536,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2348,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2360 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4240,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4260 /prefetch:2
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5196,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5208,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5240,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5200,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5424,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4560,i,6194013457984040032,16086955823027427086,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4284 /prefetch:8
  2⤵
  PID:4236

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5368

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
e216b2d9f1c9c88af6c454acca5f31b3

SHA1
c774e2e9f7918283b965f5a511a89aafbb838ed7

SHA256
d47d8f27bf298222796adb035576a3f8e72492a636cacd1ad4e412df5039266f

SHA512
d490bc3074b70acc8dad25eab2026c5d9910850cbc57f8bf45c410c6023d2bdda51d476ddb391407959da5933f9064666fafb9204aa75d64d7289d036c01f70e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dd42cba30fcc2b99d18f3be56715f44d

SHA1
7c919eed9449cd1d49b8fdb47725c9b18b0af2f1

SHA256
885824ec28183563aebd55b744b05ce0a711b7fb4c67652a424333463cb1753e

SHA512
88cbd81c8fe35f669ef982ab86594cfe8df8c2bfa2dad2ed6c635aa0497487fd5f5472b844fde424e96b79ee57e0a687c8f22a339e584728cebf18af21cdf8c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c91ca0e71db91a7b7d218b262bf15000

SHA1
6d43d1bad5da45b8f33097513591088ab8305c50

SHA256
aa6ef2c965a0a5b0df1055a3405f5787550f4ae3130b9f5167a6aac17b53f215

SHA512
871a11c97b0ca5fd99fac3b1a1e3273d6fb374d85514142716313416e704d364af40e8565833b4d62926fe9e4606d098428d16310b148b2ffde4c3b9edf97b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
05a99c4d7ea9a353ff076d5afb7522c4

SHA1
f049eb502a21571cea0cb8fb0dad3a03a7f24db0

SHA256
72da2ffd654ddea60be07f026e925da08739b4baea8079e40dc72c933587f726

SHA512
13b1954eafce1a594ffb450da2a621a869ffcdca65a26da7490005b54c80d434fa2d05a03405af69daa601a265a5b8dc2abb9cbb768b1f58a64dc29d317b1938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f4c31e1267c5c5c4c3ac135387315911

SHA1
a9e58e5140742e0b25395e4eff2019e491c7e21e

SHA256
003fbe143f47ac9c60f6ec1c2c693e91b29ee65bc084f63f1b15c2e6b2067a92

SHA512
a7cb51df6648f818fefb01b9a845a09d8c630c56448eca38673f1fb135f69c5f7e19d1b92ee433ae098d4e0832e067c811e92d9dbabad15657113fe1ad96ebcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
19040e4823d7a042b7c3d911591d1885

SHA1
5f8120519c69dc5ee9ab70d0308f31cb205be151

SHA256
5d440b8849e332cd5cdd0342f65529da91ef2e12ec9eef301d5a59b6a38bb108

SHA512
d59c2c3fac644efd8ddaafc2157da77bb3ad54973fdfe6849e4dabee961bfa59fe46a5c919ab4b7272b3cc002732efc7e9c62871b78d3b1677a8df203e09787c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579867.TMP

Filesize
48B

MD5
69468aab105a202d27bd4c7aeba1b351

SHA1
af3818c6bd85aedb9d0e822efb10aea73aa8d9ce

SHA256
5d5ba781d107bae3725bcfef407c7842cade185107ed7460c0480de502f5bd70

SHA512
d99dfd9b30b026a30f644000066a79c09486492511336b9e76aa0914a082e262182b89778fcf95434947c3f1d5b36a0cacdbbe8a7de66d1406d80bcf4274cbd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
2df9c16c1e8cb72626bc49d60b3ac4d0

SHA1
374405975ccf8d137173104c1c65522762c9cf33

SHA256
797cd5b402813eb703a791c409eed6d067d1fe8db90e8920e8bee85b0f6f3854

SHA512
ced9380559f767fc959705cdc77e63b3d7c48eb409681b58d65390136d40aacb2be07f0add34cb05c57331b5a44f403750cc7ed68cf94b6131c729b4fd7b8830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
91d899bbc8eccf54f4354bca8318f516

SHA1
d8bb9a3479a56f71c9f458f8af424ea67bd9436c

SHA256
e7427faa7c3300de4a4d2d24bcd8807e0ee0875a678e2636c56b161f350cb56c

SHA512
46a093c36142d5d2619c5fd63977cb63e516584eb40bbc8a968ad8fd09657c7fc6a34fbc1f1c3d13f5c625071fb98fbf70277847443e21decfcace546c3452dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
321f72af15c6348ef0e966731c8cc3a1

SHA1
8b6d6d7b9090ac19680171cbfdfd6d00c7f8d31d

SHA256
9f0dd27c7ba0bf26c029720436ece0e1f4797db4f3b16facc0656fea1a960c64

SHA512
af82db5d2bfc239e04c81ad6ec85407641574da645a273a3bbf853151aeeb3662b6aaf813a1c3cb1ea2c8b14611f7221d50a1a72d097daa9329c6a522e116bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
9a05a0577bdbaf158d31343f506d8c00

SHA1
7911d812c7da25838dc25ba9a0e3c2ad4bd6b249

SHA256
02582361f1a65d1fd98fa4b48edb84f2c87f45c0407e8846dd03526a5eac388d

SHA512
5647da9455cd7f64bc94489dbdaff65de4bc079b01b863113d2357ccf97469fea91cecde265b28864c8a07db248fbb11c802a17d09fbbfb57f815c323161843b

Download Submit