hxxps://v[.]ht/hNgeO

Analysis

max time kernel
600s
max time network
504s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
18/05/2023, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://v.ht/hNgeO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288587641149221"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4220	chrome.exe
4220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 1264	4732	chrome.exe	85
PID 4732 wrote to memory of 1264	4732	chrome.exe	85
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 1148	4732	chrome.exe	86
PID 4732 wrote to memory of 4244	4732	chrome.exe	87
PID 4732 wrote to memory of 4244	4732	chrome.exe	87
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88
PID 4732 wrote to memory of 224	4732	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://v.ht/hNgeO
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb0cf9758,0x7ffcb0cf9768,0x7ffcb0cf9778
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:2
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4908 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4952 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2780 --field-trial-handle=1804,i,6747379839367684053,10734331801503223390,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
7199fd935101f72395a6bc1eab5d8c53

SHA1
18fedbcce97235b9543c4643b0472ed22594e787

SHA256
7f9e4cb797e4c82fe37559f79331439306b46265a89f58dd00cdd375be2a4a8f

SHA512
589e4b1d34ebe34bb05825191ee75764cd545cb635fabcc3edc3d27216ef31419e9897a06a1a053d9effe5210a5a1a0097fc4955abd56f9aacaae8b5d16c0ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7e00632a76873d311793a2c6b8463b10

SHA1
5d2cf8f77986b63767c38553757a000cc034771b

SHA256
51f2fe85e16b1b5895a67096c66a2d0d5bd647fef6aa2b5679d2bb0bc1178663

SHA512
ab01ac5b7034355de44e0f724aaa7119c77b02cb5df613a2bc3b82b78d9d077fe75a5e4ef532dc1e004837ec37077a9b05f7343d10b209179ec7b5c1f6fadcb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
70b6d67b0740f17232641452be605da8

SHA1
627fd3582c985c5bebde3c1aac49ac5055985788

SHA256
beed5fca435b9e2b06e76f4944827ba86d9cec82630675b2b541cdaae9ee8f95

SHA512
33cc8cd469906e735da11509b35c46b3906f4eed47987a121e8bf8c8f47d8c18a0f8dc9ebddc40fdb46a29976cf30cd0c64c80d0a42d9c1a2123fcb51250c155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ca5cb1c588fde9aab79b99ef0cecd110

SHA1
3488934286c49ce5214efa3dcfb16410bc1d0d12

SHA256
26aba8a44dba469452a417045b4d7059d66a46e4fc7eef19fafca1b20eefe9a2

SHA512
d4bbdd3d0126a26a978815dcc758b3a36847d6fe6247c09fdbbdb419d40a3f8daa33bd3254464364921d1f8cac47c1390ed45d3bf7f660adf1f04911a869e2cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8e87cea6a41abe20d042ef25789188a9

SHA1
afd323db555c9bdd3a4277dc12e8d2958fe6ba01

SHA256
658290bd03749bc7f17b1bb2cf4e8c17d2275326a083c5a04920153112dd2ec3

SHA512
4069727ad0a6fb9bf44182428d3df075e2b9da31724764e61f127d5c7be983f6b4b390585ea0578387c06f22ae37fa8cd65629f7e785a57d3a043c9189734cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b8cadc018200d3277743aec1b5ec09e

SHA1
6dab2b42f57fd3a7e71f2597b7463787f9c102cb

SHA256
0e2426efb17098379e455717112299f72c93ad8385e6e50d4ce2364dd1411fa8

SHA512
53517b983706596906d1b5c82999fa999bce1121cacb98360258941b793d1a7d4a6c0b25bac06c05e2cb93d38fa68af8fd592ef2ca24d7d6e77164f4fb6236c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a1f8e77bba62dbc8ae764ec7d273b7a

SHA1
fb34f952f34d91ccb1c46817accc28750cb0bb1b

SHA256
9f789bf8676c9de3752dd6a87aebcb0765d23d13360b591d852aa07c20cadc5f

SHA512
f2ed38cf29e411f689cf27a64f29e912f535b2d256f1509b54a21102d21d68a54cea9e519f70f6550b12b2aed5df01fd9e00fdd45dd6615c13e442796104d9f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e415a98d91a5c3488101a604eb9cd900

SHA1
5d04ae2f786fd9853e144f360052d308275bed2b

SHA256
5a10a1092c773a6ebe9118c486f0657cb1e3ac7c03100195c7671d06d8c2e337

SHA512
e099fa9a78edc99ee12be487498982f6277d4b29ba3415f0c8b5679cf2f71b055c93971848f635526e45b2bbc90a9c7228912c0f4b7f330d17ecffa444ca1aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
5bb0f276c9b56453e3066fa685b997f3

SHA1
ad93c1163b795e9e8bbc6d00f8d62324a1cff063

SHA256
7003205fd8efba3d3bc7b66dd94e08ea3a23b1bd296587f6374b865b71e02c58

SHA512
7d0f6fdb9beb7ef2e0aaf62d2de589d2c8b09f86115e9feeedc1fa1be334bf3cdffe6c226c938fd4ed18f4cb66a6377836fafd6a78200721205d7f253e370ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56e9b9.TMP

Filesize
48B

MD5
26a37321f744964cd1ca960a99075541

SHA1
33e4c338935193daefad3352ce0fd2d2bcbc7ca9

SHA256
0cd0f13e53c320eccaef3105bdf1c09952b153ef1096a46599a7b86ca2018cf5

SHA512
5ae52ff38f8526437a0727d7ea1a7f3b349bcdab39d59e815d26072c2496a449581f60bf465db1e7d45ccdbab48ab106703b6f35a659934d2f23012a4b44817d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
ee45d15af2ed150193371d07a5e549c3

SHA1
ae48df82781aeee6df308ce0cc3c4b8be97ea813

SHA256
648cd44d52d058ff74e1e57c9d22121a365c15fd26375afd42cf786e32e1c164

SHA512
845826f4a506dced516035c16fb86be07ecd48cd00ce15029b3300110aca59725181207d1511307e9b9d9bd1194ef4d34ef39ae6a6290c002c3716e5e7f7ef9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit