hxxps://czxoc[.]decments-su[.]ru

Analysis

max time kernel
108s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2023, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://czxoc.decments-su.ru

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244084760667893"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe
Token: SeShutdownPrivilege	1612	chrome.exe
Token: SeCreatePagefilePrivilege	1612	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe
1612	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 3992	1612	chrome.exe	85
PID 1612 wrote to memory of 3992	1612	chrome.exe	85
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 4368	1612	chrome.exe	86
PID 1612 wrote to memory of 2544	1612	chrome.exe	87
PID 1612 wrote to memory of 2544	1612	chrome.exe	87
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88
PID 1612 wrote to memory of 3168	1612	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://czxoc.decments-su.ru
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9136f9758,0x7ff9136f9768,0x7ff9136f9778
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:2
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3220 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4832 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4052 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3468 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5496 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4768 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3232 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5352 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5460 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5312 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=948 --field-trial-handle=1840,i,13492881896088486931,11451878362428042507,131072 /prefetch:1
  2⤵
  PID:676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1196

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
17KB

MD5
e4a088ffa595a7d6ffa17c156243c797

SHA1
c44dd12a34446c5138472d0b0e93b4f08c64301a

SHA256
2439bd19413c52148e253fb028200e792c9d016e33df677b56faec35ccc838f3

SHA512
3d8e1467037ca0ee55c858e4c2a45ba61d4c34a24c871a1388d4569a3e0c70b26285620b694226c0c95dd08288b3c178622c74e64f2afe89d9eccaa7b8ce1940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
30KB

MD5
b3bc81caed2b23dbc5ac0de7c6c3fc46

SHA1
218de7f003e489b3e16645e3b96fec4aaa48d394

SHA256
ebf6487bdccec01765753e87e3d82ed2c30520fd65a4a720f71ae6dd7d04881c

SHA512
fabf86a32e5503c1f82aa8425c9c6de4b8c03f80b27f0496ed338ab4c98ad09624a44717c4256ab7af1d21b825bf806bf0275ce1fb893c6e8b639ac1b449d2f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d4bee5c091d215115b5ddae475ca3eb2

SHA1
7b747fecd1342d96082c5acf819a61802f530e94

SHA256
52a1714901ce62b458f761f695cd91bca3ee7c5aa635b1c8a0dd3f720c035120

SHA512
6391316df20abddc92089acb11ea333f7562f3b893c5c95fe482f1b842ef90bdda9139f8a36fad707934054df17a2eb2614e26f4c2b08b70d3a0312aaba83b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ffbace3317c028e810960768431a0c8c

SHA1
2fcb2510426b7faa766df41f4c683cf07b269618

SHA256
5da794e07d90aba8f17bcc8f313ef39fff1becc789f8f427baa245b9b6a03c02

SHA512
3889ed2c5472db216a310b37fcd6bd43445ed25683b62f2646e4d97befed4edff8107bc5b2f15944955b8f78f117bbfc42898fda2570589833cef2757fd91ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bf4198ac43c06d81b8effb099d2f79b3

SHA1
0ecafde6e0499010c86a85a1359b400f3817c9b1

SHA256
1e37e02647810da9ff5f23b5f0daf73e9eb784f7287d179e3b35f7d5087e1fb6

SHA512
9e8a47acf7161ce9d5c5ea00311a9539831335d0962af365a6d7461c9db828833b8c0eac8e6cc2f1efce2e14479818e785c49701d57064866e395ce56bf64558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
534B

MD5
42496404b21953c95ca70fdcab65a383

SHA1
56cda42999818a5c1e81931a46b6008a441ad43a

SHA256
5c37411a72bdeaa4043d106b7e11a235427322ed4d28cc8b432c16f73e828270

SHA512
19ebbb3084be8560ecf2158ffc2f39bcf9d348b41a6db6391449457d518cf9a2e8b554ce177ecd6bb6a38034ad5f304d327667a3fe2826ec5a8e71dc0c37c063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00798db385069c212f46c7f822d6d636

SHA1
5b9f5b0e7623cc62291275cd30c101dad831ec04

SHA256
4d16593f19e8c74779f7414e2aaff4fa4cd2d620618d990cd16a6a18f40bb065

SHA512
81079b7e69760e1207cde30ec57cdaccf6ffae71a0c6b0baf4b261d9a843a5d698e49ae7030f9122d4b99505b66cccde1e995ded03115df239674961bd9bd148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c97248b198344c77b936e9cd662877df

SHA1
eae36c31e777062a2b2ec2c45bd0a823f62b56bf

SHA256
99584b865684e43ddcaa593af34d4a27a84062915eb0328e8e1d172028379bbf

SHA512
9a9975d42bdadf0dfc1db8558cddde05f90a0e62c19591e1a0d05e5806633577608241d80e7fa6cef557987570eb746d19e47980611d64e54c9189237a6b226a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb912c8598c11cef286c4547de0de196

SHA1
856e33a294f34681bf6cc33ca324c10ab0b16cdb

SHA256
41708c612b9bd18757d1b72c81d0ff7d5bad1d864e2f7a5eeef6270cf45b7d7c

SHA512
0da185b58c113c71b34b4a3037fd2671125bc8d5870ca0acba573bd1ee21640c9e7cae68d7e90d0c586dbe8b399e028118361b59aaabc8a5594451d0d55972c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c453898064cd06e9654b38a504b56334

SHA1
052216717dc1050e4d34501e9914959c10dded8e

SHA256
d646b5ada225e544de8a6a2815aa8b61f0fc4da2de4e11870dc8ddc6cc3eae29

SHA512
c0b7e91ad4a2d2a239382bd3757db091b7d67b3c987dec1729e4d13ed95378e9d4dcd7d914beac6ea405d322875a253155b341e7986c5ae811fb27bf0ca4f3c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
16f4c8f4a0655d07dda3f542c3a47002

SHA1
b296f52feac2339f2855fb12d1d75f81613855e1

SHA256
92d86c93ecc1f1fea2dd86487cef14d02cdcf4a43cfea002879a33c126fddc08

SHA512
9045a6240acdbff66dd8867189f22a19586bb62f6638ee79fda0a856ce07d2d2632cbbe6cb538da933b22ef5ac5cdc0e28e4210c24eb4edfa536021d8f692bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
70789d11ef153089d972ae0ee148f90a

SHA1
1f81f912bb3a92b90cbc1e37cb6c5ccc86b8a7d8

SHA256
d207835cd4a70cc743453ccf5f56c46acb48a0ac727d4c49ff81ad41830a6d1e

SHA512
0dc2a60ed2eda94dcab04f04a86f8b93ee1c899ea74e3aecfc1b42029589ba4e1d7b65e4e2b29a38bbdc0746840abd0bd0f8d27eab32983e033c54c7a1c015e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e433021ff5c8a624d5225a48858068fd

SHA1
f650e969f3c0ec20a276eceaf8685ca29d3f5002

SHA256
1919068d58fb502211982baa6a8c6f6e317c1aa8f9cfef29092421cfd14f1096

SHA512
ec2882b941af687bef5a637359616c48eec32d54fec0f9696c90bc724b5998d2566e0d71d73b0337343369706cf0d33d7f0ced5c01a86bdcd04b8851bf070822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
1fc660c4cedae4d52b8a1e7055d84594

SHA1
877d804cc76c6c42b745e8ed78267e46ca28fd8e

SHA256
063f22ea91a31a1720a27d2eb20d7f63e211a14b9d499f578c23f77aecd0485a

SHA512
f1966089a21b17afe8e216c5f367a82264fd7e9dcc0b05dc3f4d118fd5fe979ecc4b38cb33a9af25c39c04b6db8873198b93993e95e101d8293fefe86018c247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
adf1c67a359393fec5cb298219947aa1

SHA1
602cd92e83f76c9dd6bc20e0d69259683d75b085

SHA256
68b5fd328c006c162ed06d294aa671e292f2778a72ec23a51a2a15ee250d8c28

SHA512
ab1a077c21706fddcc52eab0674fa9d980abe52ae4abe155cacea820237dea67490123131601a2b6611ac58fe53007c252154c9b70da242a916e228229cfe4ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
586298a68731f32339997ffbcf0eb655

SHA1
2dd2f7668301176ba0b3e9fbafa74a534571d565

SHA256
c4a851eb3f7fc18a3b71c4feb25c4ba8f68e99eac3cb84200e6feac15ff40079

SHA512
5c1cbeda7e95c3e6f5e5a3149b3b03805f7753ddaae94e6539e345f69e623db265cb5163f66e91971496ea376faf3679f257af61ae1164485f2364436d0f2830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
089f83e2816fce5711e053713f4ef3a7

SHA1
40d10cdb92af766e2c984804687d700128b98e51

SHA256
823776ae7641e1ce2093eff9c7d6318bc598c599666672b7c3ad894934183d93

SHA512
47b12bb51910980ab2b743b2d6c144711226023eb9fe4e262a05cdff61cca94cf7c7d1719eb9689f4d36544b0b3556d5f683464e727a2a3438e32a4b2458571d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit