hxxps://yandex[.]ru/

Resubmissions

02/06/2023, 07:11

230602-h1bvssac99 6

02/06/2023, 07:02

230602-ht5jjaag4s 6

02/06/2023, 06:41

230602-hf5mdaaf8w 6

Analysis

max time kernel
526s
max time network
446s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
02/06/2023, 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://yandex.ru/

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	sdclt.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	sdclt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	wbengine.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133301701879370065"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings	control.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
4428	chrome.exe
4428	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe
2076	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2112	2076	chrome.exe	66
PID 2076 wrote to memory of 2112	2076	chrome.exe	66
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4272	2076	chrome.exe	69
PID 2076 wrote to memory of 4296	2076	chrome.exe	68
PID 2076 wrote to memory of 4296	2076	chrome.exe	68
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70
PID 2076 wrote to memory of 3920	2076	chrome.exe	70

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://yandex.ru/
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xac,0xd8,0x7ffca9fe9758,0x7ffca9fe9768,0x7ffca9fe9778
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1824,i,8046131118253988920,6538245336463887399,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1824,i,8046131118253988920,6538245336463887399,131072 /prefetch:2
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1392 --field-trial-handle=1824,i,8046131118253988920,6538245336463887399,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1824,i,8046131118253988920,6538245336463887399,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1824,i,8046131118253988920,6538245336463887399,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3484 --field-trial-handle=1824,i,8046131118253988920,6538245336463887399,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1824,i,8046131118253988920,6538245336463887399,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1824,i,8046131118253988920,6538245336463887399,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3488 --field-trial-handle=1824,i,8046131118253988920,6538245336463887399,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2464

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5040

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" LanguagePackInstaller
1⤵
PID:216

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" LanguagePackInstaller
1⤵
PID:3004

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:1304

C:\Windows\system32\sdclt.exe
"C:\Windows\system32\sdclt.exe"
1⤵
PID:836
- C:\Windows\System32\control.exe
  "C:\Windows\System32\control.exe" /name Microsoft.BackupAndRestoreCenter
  2⤵
  - Modifies registry class
  PID:2836

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:2796

C:\Windows\system32\sdclt.exe
"C:\Windows\system32\sdclt.exe" /BLBBACKUPWIZARD
1⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
PID:3924

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Checks SCSI registry key(s)
PID:3612

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:3752

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:3388

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
b850a5347e88ab17c37a8e0848b9f961

SHA1
70caac126c50f663f8df0e805581c54294c12560

SHA256
d78c7bdd8040de1ccb36c7712ab56f5e3c62648ff299db9693976da92d8553cb

SHA512
5f7ce6c0af0a2231894229ce370816987f93e5cbb5d3a0a8ad2053a89b839f60a5adddc4143f5062af0cf48e765d1679b313adfb48ef894eb3bf7d1b9c0cd6f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
405c989565e67daeaf2e7304108352e2

SHA1
3778ecc92f81c6e11ef48eb7d2435dd0f31f9a55

SHA256
2eb384ec411158621a991777504c670b49564fb6427d62459d47dcdcd80cb6bc

SHA512
6664bc82f8c3a98b8bfa19620ec7da9574de4b715c4245e8a13326929c68d5acb49fee35b9d31c8ac2eab50db71874eadc1c279fb9104b44965454d879bdedeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\76b647ac-6be7-4479-af60-545d18984686.tmp

Filesize
1KB

MD5
b848ee289283a0d7592c92b75c771d6a

SHA1
c81d5c93edf9bbf2054680571db22a5c53eab27f

SHA256
3143eb42f25b607338da1317831e9ffa8a233a6536885d19339ef5c26db4a1ca

SHA512
11c4a9aa7f49d0273a0c919f4d001ada01f9f1614d500acbd0091735bc1a89b98fae1af90de6e561b57e3386300cc893aa1a078e2e6fdbde3dc5463f77b79602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c78623ef12b35a2f8fac76bd4a93942b

SHA1
e921d28f3f42f8996f76dd4077b73b3dda2c50f1

SHA256
9e85b9a2e7d4bdfd5df42dfd204169b4eec8e86460281c6b5e35498bd6cffd79

SHA512
3dacd6dafc539a9c557016f7592790aea53886f76a819c6df97f6a6e9a9a8c8adefc8c499c2519710b62eb7b444b963805f93453028663c48fea1694a7ddc9cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8a87a36ba3f7e4a9bf8298bf757940d

SHA1
48467d7c783b65240c0a8dcab08d5d4f783b1964

SHA256
228a6948e4038c6b3e1728bf5d1badabf0cbaf3fe5e77cef2adcf0c9bb788ede

SHA512
ff15564dbe28235bb8190702d63c7b02472afe3a0dcfd2afdada88d703bbe13836381123b3fea57d5c0651abaa827beacdbb144c2b78d027c62546cf613c91d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a7977ce1016b9d77a97911f3804a78b

SHA1
b081ead550acc8b9ff5ebea4f52169523696a43d

SHA256
5b09c2ab6b1c25d1c56723d0eb6499cc6fdccb04054a7e37826e376b816ccb61

SHA512
40b71e1516b58b4c0219f792d14b1ae14ae16e8a6a8d72fb51e3088115d105acb4d0303163156402a2663697153c71532dde2911045debc31b8857643fff2d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d1cb2420bd84056b6ecc5ab64887f183

SHA1
941768125240e28a9ba835279757ff830a0e9c08

SHA256
e63cd364f6654ccb3f8b89612598f2255ce6ab536b7b2e885a58f6c599c33c9c

SHA512
0356bdf9f40dae62d0d4be777539ee607ab78c48f43f4425ee0b1e875e04e52da021c4a4fbf3118e938d4188917692451213c3a132d4bcd155415e0511a9c6f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fc69d29610d8f4c8cf80488feba67d2b

SHA1
4630fa6a9235d4a3e83c7f84627905333ca92ed4

SHA256
375259315ea512bb1c7ca9e8d4f18a96d411d94d66a46678fb83329d5dc971a9

SHA512
b53fa5ecb67c5903e7805e582157c290288fe5d00a22e66ead5322e4f6ac23e8171e0e6e32ba36e7010960c6d461d0db258b30e8477cd93f84adac342f165d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
6d2cf1ee888498239b32f99c58f24b50

SHA1
e0c0f2b8559935bb8f98887db91b59e6d1eb6ca6

SHA256
e0975fdf2bd01ec048b64571532dbcdfc6ba10c3d0cbbeb0786826496904839c

SHA512
c0338fe40af9f779a5f193f0736de1b99712f9a7bcd1201d16227683d1a1347a7978f4a649c3bbd7caaf386e83ba8946c49444f4d456d938a4bf832867212488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
faae647d2584be3dfe925150114ccac9

SHA1
b5f6b435eba376530adc43e1a73ab0e7cb5981dd

SHA256
244424677984bda4546df600927d73ba94ab9c3feeb0deaaee56f9dbe82bbebf

SHA512
7cce89ac695dc920fbd8cc32f42b8258f74943b87542df138c400620ddd63ae697ac30e2fa81dc741c13a9b208ca4bb868cb27c98f3d7eb4e30dd850892f9125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit