hxxps://o-cs[.]ru/load/sborki_cs_1_6/russkaja_versija_ks_1_6/335-1-0-162

max time kernel
295s
max time network
301s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
30/09/2023, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://o-cs.ru/load/sborki_cs_1_6/russkaja_versija_ks_1_6/335-1-0-162

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133405635124672226"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
1664	chrome.exe
1664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe
Token: SeShutdownPrivilege	3324	chrome.exe
Token: SeCreatePagefilePrivilege	3324	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe
3324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 4392	3324	chrome.exe	70
PID 3324 wrote to memory of 4392	3324	chrome.exe	70
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 5080	3324	chrome.exe	74
PID 3324 wrote to memory of 3192	3324	chrome.exe	72
PID 3324 wrote to memory of 3192	3324	chrome.exe	72
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73
PID 3324 wrote to memory of 1092	3324	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://o-cs.ru/load/sborki_cs_1_6/russkaja_versija_ks_1_6/335-1-0-162
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffabf269758,0x7ffabf269768,0x7ffabf269778
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4832 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5032 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4632 --field-trial-handle=1852,i,1818057204524410854,18017000275458374742,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
6206714ac9dcf9beda77c62290e84d02

SHA1
28684a5b8b9a9ae13e7c27bd81b5e518c8712791

SHA256
7d47909fea08feb75d51b0e767324fc17eb7a311c7528ea46a179240f854bb60

SHA512
a7778ff81027b02de9b87bb8658733917a2dd347e4f5042e9848ec034751ac5e5b1e332ed502282ec754fc4c7305f4e08024504cc1a84715d4490e938e0f4fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5d269f61801621751006971c938d0661

SHA1
78d5f7af256851680152eb8fa79b83a94d0e9395

SHA256
d48510baedf0bac4ad5077e0fa3c72eb5831d7edd78a017d48f0dd6bc4907a5d

SHA512
7d71ff8045f3a49faf62618381792a7f3a062d1fb8da3758d3bbe309cae18f06e2c111ac57ab40d954794f055e779e75571da2ee88985e8afd7a242dd452118f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
93093cdbcbbc83a9fee97f1ca4875616

SHA1
fc8153c92e48407e6eb6a17e7a85caeda428278e

SHA256
d6b6613dd6b1d38e6191f92692947eed2e6dad890e61f0bc76df140d005e3ab0

SHA512
f2d037d8b1ec5dbb76ea6a2f0bcd75e381eedb57b8d1f08c3d86754f731a59e32648e6bd934a16f339759012f107544da9100901884d21a594af57b4e09ea298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
353ccfa2c3a9b8c7c9dbe8a8669618b4

SHA1
22323392b661fb1cf2de71680b9f2bbdfc23d497

SHA256
f0ded938f16d58cdeb8fcf299887ec1f9bc6131d53d03479c38b084475801438

SHA512
28552bfa89f96ea717a7d4e8cf9dbdb3b99b775bc8d99b81e8ed47e6230c6dabaef037f0844696e289fefa6b42fbe609a9639a6dddd33f0133db022f8844634a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dfeb125ee18320c0f04942170ddf88cd

SHA1
a8496c3f10aa25fa2d578b9dba8310dcfe384744

SHA256
267bb029af3f56c6a6f3749849b2853c909486d4d1a44da7387d9afdf1af2d6f

SHA512
61e99065c81cf5865d02bda1b537fba4523dfb291c9bb9aeb2853bbf32d34434b36e59713e766b0085a362080c234af5d2370de6d3a3a09288f5a82852db21d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
982ba7b4d44689ed49889fd47a3a19f9

SHA1
4009ad82fc744367dfd5ced0cef35e8b6154387c

SHA256
7f528726132bb52064685f6a4df685b322d36a35c7c14d52ce94bba738729443

SHA512
8f429d40e43b40d439daa119303617cc810c814631870b2aa3fd5d263d8f326f741c0429e46eb60f7c0fa4e2d065ab1a7743225ceedad3cc9b61a4bb20309bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5ffd7ac2abab72ff5f4248ef4c3e4fd5

SHA1
00065058513d6d003c30e24e4b93e5074793c4a5

SHA256
78c31dc37237086a46e4f899b6d5386f88aef4f89e37c575e15331f77d2e94c2

SHA512
35a4575a0fed99f3a53dd485cf947b10fbb0f34fb8d547b25b3da376785793a367f6bc5d3975c0d7c8ac8c14861a846d3c7523124a5fbd2d8cb143359ed51838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579654.TMP

Filesize
120B

MD5
4a015550221a8e7a1fbaa4a80e7160cd

SHA1
4195cf45c1bc04bbf3c98f3c4469dde0cf427471

SHA256
d0fc583db2422da6cd4ded0b858596b4e19ba4a1a9dc8f53d2d70ac59c2fa5a8

SHA512
a737af2b8fe650f565c04668dc06b30572fc370283b248a78bec67dcdf229e94aa9fa212c9840f5bb15d8883a5327ff23477f8154b245a29c937c20d9a5c3c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
06f789c70781c71c88bf6ba883c0b884

SHA1
561ad18f07869617d32f5548b1890189d3aaea5a

SHA256
79dad541cd80addf3d8734424c02250acfe1a04408ef1627798ca18d6faea97f

SHA512
c091ceb006821d0972f49afa4a56206f22be1db601036056f3723f908feecc83222431d8a55ab164f7c698863c6c02716efa90e4ebb76bd156f21e5453f013b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit