hxxps://decorhire-johannesburg[.]com/nm/?96649931

Analysis

max time kernel
206s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2023, 12:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://decorhire-johannesburg.com/nm/?96649931

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133425394900708328"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1511405631-3522522280-778892991-1000\{90B83227-8B16-4FF7-879D-D331B38E0058}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
3916	chrome.exe
3916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeCreatePagefilePrivilege	888	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 888 wrote to memory of 2376	888	chrome.exe	32
PID 888 wrote to memory of 2376	888	chrome.exe	32
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 2744	888	chrome.exe	89
PID 888 wrote to memory of 712	888	chrome.exe	90
PID 888 wrote to memory of 712	888	chrome.exe	90
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91
PID 888 wrote to memory of 3044	888	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://decorhire-johannesburg.com/nm/?96649931
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff990269758,0x7ff990269768,0x7ff990269778
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:2
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:8
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5032 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4976 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5672 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5520 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5960 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5324 --field-trial-handle=1884,i,18156296818528058594,2810212722107016562,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
32e40be2b6902da4a3196b7902b07d74

SHA1
eda0dcfb0f2d315c032ca9f684abdd5c7238cc56

SHA256
39ea7fa42d9bc634dbf25146834624556a769f71339cb7bea5c1e8abca24fd7e

SHA512
c42b2a41b87b11cacaac6299fbb181e755d2698c7353f9bb1e00cac981c39912a9c1e36ba17e4d7518d8bf317769f8e4d88e5a6d65b89c383796ec55cc8ee8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
0ad13c67ade5be632fab0f24187a1782

SHA1
f0fb332135cce1e5a3228db0571ab2ed53b78832

SHA256
e1cd6d32b6070f159c011ef6b7cd72a2b023278a4b86508f83e3e5737b0e482e

SHA512
0ec352febda0b3d92992c205dafb047dcf2837dc7f4d471908b48b1c082b4a2f5f87771198e266921ec9f280a0d4cdd77c711e22e91de8a9a481cc4484ed9538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b48c7f884b096d6199bef1c4348a5286

SHA1
c7aae0ed078bb3284663bad98cbdaa61f56ec4bd

SHA256
4e7a499e8d74a5d19eafb6cdcb23f36904827b4a3e8b57a0a34fa9b476eafe2d

SHA512
441d477521bd2564e65351dd6351a40666c8764ec4a30ab38c2d5817099d7eaff1ec306126382ec77da95e467ca14c6cde41fbb31092fb8852c867cd7348b70f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
72de6048664babaa3e73d5df186d8eed

SHA1
1fbe98c5b44c31adc3fd9fb235bc5fccdea3e3c4

SHA256
6c30ea8ea39510e42f17c5bb2f70b3d56b0b1cfe9935004f6d637894662fe513

SHA512
abdcf0e9a68d2e5171918c00035e1e0046ded89a908a32998a90744f2682cb93a6caf45273dd91f29ba3611af8cbdbf8dc4358ae2fae8d110b8fb8213acb72fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c0a9f5152327ef938757e33209688918

SHA1
6c8511e7aaf49f48d2d082fde947cc4908a33251

SHA256
81e704e4ba3cf5ed7297942104cea39d19ef373db5eb33818826c752218339eb

SHA512
b1e20a10bf902d74258ef15ef5f7be858fe93f3af00efff513d9118b40a4173abbe94132228dd9c36376f082dce06cc55ba4a33b7366968ccf275661dfdb377f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7df97d93e1759ab469ce790b2a9dac9f

SHA1
610d79036d3245b8754b3dd3a1186729e77d112c

SHA256
8b59ee275e70cec0acee023ac82189243ab99d14c687cd3645531af2320162b3

SHA512
54a0eec143f9fe3560fb7c639ac0c0a43d8d3e2c2522de5b61c392d68b6ff7b308900f362c76a20eef60f48ab25b75cedc950cbbd915fbc93f89d30daf03dd3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fccf3288c4422c4d1260040dee0b0c66

SHA1
87a36681b65ca27c3ae7afdb9f2a7024124ba456

SHA256
efca2b5f541a743c9043c7f41ccf63019194cbdf408de27a89b44da236b261be

SHA512
96024786c13424c8e704fbacbb380842970c82d36e6675efa7403e4332ba4589ee37322242f5ddc331ad5933c89c11ac5c59cfed9da404b1934f1534c4b6f63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5819bd.TMP

Filesize
120B

MD5
6a707579403b6c793c2e2b6f8f0b88f0

SHA1
6c42bb005ad865f39980a9372af08f9e90f0cbb0

SHA256
2063fea7b1c580b1e4fbc74f34c58b012d486035eb1c350534d3d4e03594654b

SHA512
5666383ccac4e3e0be31a221eb6411fb3979a4cea770f3a82f7802f338d9ca881a27da8e09f857d7d8ca0eda60a32bd71a4fa2deefa911a0e3ed082d65063532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
108KB

MD5
6d4776013428d25bee1173574f1910e6

SHA1
9ae8aaa5036174075da8a4f11a64790942f4ea28

SHA256
fb6279594294b15bc5da2111433cce7103b2577c057655f82213406feb0bb484

SHA512
7f19d000a73b7875eff9f856060d56c761f98f0d1493cabba9ad17c2d170d05b09424a3fe421408f2a2852278f6f987fb41da1eb3205e6c1ec58f9937aaa93a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit