hxxps://mail[.]turing[.]com/api/analytics?ti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d&rd=hxxp://5s6[.]chicclothes[.]sa[.]com/siemens[.]com/bmF2ZWVuLm1hbGxlbGFAc2llbWVucy5jb20=

Analysis

max time kernel
1800s
max time network
1689s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2023, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mail.turing.com/api/analytics?ti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d&rd=http://5s6.chicclothes.sa.com/siemens.com/bmF2ZWVuLm1hbGxlbGFAc2llbWVucy5jb20=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133263896117779923"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
4192	chrome.exe
4192	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe
Token: SeShutdownPrivilege	1436	chrome.exe
Token: SeCreatePagefilePrivilege	1436	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe
1436	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1356	1436	chrome.exe	80
PID 1436 wrote to memory of 1356	1436	chrome.exe	80
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 832	1436	chrome.exe	83
PID 1436 wrote to memory of 3348	1436	chrome.exe	84
PID 1436 wrote to memory of 3348	1436	chrome.exe	84
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85
PID 1436 wrote to memory of 1068	1436	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mail.turing.com/api/analytics?ti=d554d536f06a156d824003d0c664b257c1ebe0746f5c636f01cb954c5f0c4b684821ae3ba8e679c9e7728c86aa69b0b0eed472c96393f62a0c431339782e0ac4d40f4a8cad32476fff07a90a24abc253eae29ade09a4a164d68248967df03bc0b5257f664b57a390cc3682f8eca1aefd040988f60d0b6f829267aae6229c4d&rd=http://5s6.chicclothes.sa.com/siemens.com/bmF2ZWVuLm1hbGxlbGFAc2llbWVucy5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa50289758,0x7ffa50289768,0x7ffa50289778
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:2
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4604 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4748 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5308 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5936 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3948 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4420 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5344 --field-trial-handle=1740,i,3376796104888817274,4409733098176726707,131072 /prefetch:1
  2⤵
  PID:3796

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3172

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
710bfd8359702ecf385f00a7773893f0

SHA1
42b907784305b1e66bd9f7ba71d47384fdc8b594

SHA256
3ffc77f159b9efb8dae5ee05b8e558ef0f518b4c9bc77cdeb17b04f2cbe906bd

SHA512
fc7efb3085bde90ccb31c59b389bc1cca024005be151549e79719650e4a37ae27cf97f6a79f86fa0ddb363904ac14518012dd185b3a0618b7e3d059f0b336df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
a67aa26ce05ba0a4946d95a93039569f

SHA1
951a67f733d0a16d86cc8e94013777f8ca8ce238

SHA256
b122a8d7a775e1ae47790f9cbebfa8d4828a2183e50c09c1efcfc1ae42a8ad3a

SHA512
5ec7116a6580a41f0ff1ccb24fd5d4954a14b49eae785abaa5f3a1ffdc3f234c4158b262c67f0e99c05f1f30dc35cbf8ebc277f63c14d6b5bc4649b5b88825c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e7f9700e68c1f9569c2d044c9fbbb778

SHA1
3de8d439a8c315585697eafb740d23f81febca57

SHA256
9feacba48a080930f49188f2a7261d5dfdad9603d21ae7b65c66f11d1bcdc29b

SHA512
c1df10fbcdb8426fe318f47279054140b51ca8b881c25cf12ec2771af81a1cebb0240b2b1008df1b56780be28a9f0a01dc8bd9f147ae90f17850c4b5efc8524b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ed83197f0eee7a5d312a07621932b935

SHA1
e4c805b37d1bab756ab8782b06393272fa187fe1

SHA256
ed39caae6ba4b4ae597a43bfaebcb2b997759defee37651dbe8117ab3e78c77e

SHA512
a60c4b58d719426d230804ed4f579f4a01e1063898c16041b341e06038fd23a545eec8c93a5829d43a5dc14814fcd457c0df436a0a88a74c946323bc85dfd403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0a5793ad2258cf52189e9fcc86adf710

SHA1
f7a61a3afb3b5bbf775c2266b379f652f1689e6e

SHA256
872361b43abf0ce42ec59e285aa107814de5a1ebddaeeee365e221379938135d

SHA512
1af9c8b2c4f31c959dc3aaa25f646121a5d9d23487717b566ba00f12a8bedc4f2ef4fd938319213e701aff7292eaf98c516bc279e97b4c7b566b527fad02b360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6eefb59fa7de8946c2565afd48886a84

SHA1
fbf87b47cd0920927ca95ef8ea483cb7a6ac4e23

SHA256
74c1a1e65cf2ff447709764b8d579fd5d97159a540fdfa8e1bc59f603915b837

SHA512
ba02fcefbbcc18577bd58971c0fbce2ce247d6b6506697a620d33fff7ecb4c65d0febc246ac5c7ffa298feef5053e3fa3e6f382804d3ff23ede57a0a7d6d6bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
af3cd4180fc2b29fcf534343eb6c46ae

SHA1
5b5cab01264e26540d61c6c902c81c413fe2b726

SHA256
277784ba7a48566ab43ae13fa6913bfe63f9d091423b187088e896996e0d1406

SHA512
5f9bc453f0fb1e342963f632fa54785c156cea8e26e07d9439b16f723802f425af843ede8c5573b0362889c07bbfafaa4e6b41715ea74d9565871b73de5f5681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
b44fc531e656b4367cbf142b4c9c59ca

SHA1
e344aeb8091890ba6f47805bfa3ac8bcb843777a

SHA256
eef5fffe57382439225a2c40834f71db0284b010cbd2187f97327dcd0123b4b3

SHA512
33a05ee14e68b89a3e60ba34aba3e6b4e99375c8ded8058fd8fc190ce7fe193beb56cf65da5c0b62b31f6f8ae81bad41087346a5fb89f3b46fe607bfc56d5e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
3137da1be86370e7bfc1f6cbdd552bd0

SHA1
45cd7658cfe94278df601ab9e9326a9cce148a81

SHA256
ea64added3af088e71e441db2165d7eb00c56aad6a3fae108ac64399904e15d2

SHA512
8d6a07c9cf7ce2aede479e36d08d3405bba770b8ed916b262ef2d1bc48d8cd12c1c3e2a96538fb30867edd78fce7bb32248894589cc5894af081d033e513dccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bd9cc7c93f9e53ee0039396a06fea02b

SHA1
f59d8fe59ddfac879dae96e69d2694d299e4f5e7

SHA256
43b991e4a731157e5b8986763c1a3219ef93487b5a33d292dda9590439cd6238

SHA512
55e7cdd637083b99ac7d9cf649dc6f99212275adbea2e630f328c606c5660f358e573d9c941896a611009f0dbe520a26046d7895d3348d224e0bfb30d05f910d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5bf46c841427de3f996604ff3427117d

SHA1
1b0d0ca01fe4f0bfc01ae3fcd148c71583d3a59b

SHA256
cb27e4a000217f031b1bdb35def391c062e8659e3b45f440c278fd7bb4848981

SHA512
395eac2317fa2b3733c773a61533cb0ca652c0aed4ccf3aca6a72f1b0a062a8c31538d4a68b6e74fae799ae3035b14f43d13a15665f91d709938c5d41609f11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
7d5021b410aa405480ce76822cf775fb

SHA1
44f991b82d8d89157611b299e36a79f975dd3965

SHA256
cba56ee5be9ed6cc114e0d8614f7436dd28e1dea0978ccb40e6c1e87621e043a

SHA512
b6a4e3687f69a97554cb5f0ff87fbca3851d4215e1cb3fb99e80d307426a0ff545e1d30437a7e8e9146953b47ad04e98c407dc65620c93f327619d11f04968a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit