hxxp://xcode win11

Resubmissions

05/03/2024, 21:06

240305-zx3b1sad32 1

05/03/2024, 21:03

240305-zv9y3shc7t 1

Analysis

max time kernel
199s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 21:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://xcode win11

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541464276888983"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "124"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1208	chrome.exe
1208	chrome.exe
744	chrome.exe
744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3792	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 1948	1208	chrome.exe	87
PID 1208 wrote to memory of 1948	1208	chrome.exe	87
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 3032	1208	chrome.exe	89
PID 1208 wrote to memory of 4380	1208	chrome.exe	90
PID 1208 wrote to memory of 4380	1208	chrome.exe	90
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91
PID 1208 wrote to memory of 5112	1208	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://xcode win11
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab4b89758,0x7ffab4b89768,0x7ffab4b89778
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4048 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3316 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5132 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3280 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=312 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5368 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 --field-trial-handle=1720,i,18363535094590657124,18153303424080690608,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2712

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38ea055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9e795a404cf871b9aab8748eccbce04a

SHA1
472fa9298b9681dd9bc47f1ed246fbc2fe5b8640

SHA256
0944182130a0d40e757466ec44593d5b39dd4982a7e21bc6b87bb0e3098e3731

SHA512
5aa96d6b683012435beade48bc8a2748d8615db248b6bb3d804a453752dd8594d54fadeab83469aecbe807be675dad0f8c917f688a2e8a6abfb6ad95b1d0803b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
deb4a063c05e40de7cfe84f64bd74e23

SHA1
aeec8f4fcdb006e76efc93177b8300c851e6bb8b

SHA256
c3c46e60a47cc0bb9ed7e92160b5157d01b2579a034e7c1bf9d6efdbdba1f0a1

SHA512
cb2cc02b2c20f248acc5e085eaa6f0b0c588c642714b566918786fc5f58b762acfeda8f5efac6b0901cdefe52b1030bea1d2ea9666a95c9fc25fb4132ade5b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c3a18c2e61a3531d079ccd80b3aea927

SHA1
7803b61164e404abce2c0f100b504c1da4295091

SHA256
2a5737a3b72391a855ae283eed5cc32cd87ba401c117ebd16612effa18b3e8b9

SHA512
15c268d431204f721e23ac5963d03fc389e288dd42f3eee4c6314e199099e0f9cfbafe5443ccf0f73cde8a4c003af71b12ef25cc59417fcd77fc43a841911a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7586f9d58573a5a173040534a0a6ea1e

SHA1
20b2938fd39531bcf46fec6125e7a52b3d68fb15

SHA256
ef4822930869b3c64b8eed74a28fb15d657ec8ef5d51de087bd830a159128df0

SHA512
00a2dc87a4655d42336fcf30d9a1d76e5850c86794b33e63868ed4b66f9fc6240efa7e85d07615c892616889acde676aa75e1a2f17bbdcd2b2dbf8f98249db5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
471960e3349cf753e9f6ff9789828069

SHA1
5d1244a1de5a1cb35b2ee5932e362cc1ac3ae6e8

SHA256
9584ec635702b254afe170e4360e41662e5885a0d92ef1d20719fdf455b7e003

SHA512
6f24f8de04a803144120c597d4950fba660ce77cf979ff15fe0448eebe2e9e01f029ec83eb81c15ca079faca5725e6a0317d346124f91a421f202f2b71095af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
73e41f6b6b4413dcfbc2afcb4d7eed50

SHA1
ae2df35b8ca4d3a94ab44c5ead4099376c4f1e96

SHA256
9fdf94a187c62acf31fa8d8306211e79968342738054d3f9fbbfaddde39df3c6

SHA512
cf09286a61a9c1eb1540af80cbe7877615f6b64fd063bb6ee3feab58a10ae80584c581dd09cbed9ed95a8f0b4de3475fcabeee2d51b4d65338198d90ad786a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d82e35c1574dacc2791e98938028ded8

SHA1
430882e557b9adf757bd409a0cf9e4ef764cfebd

SHA256
f9e4693c74b5670be4ed79f4b5933a64a5abbf1daf878e3db9c9fc9d81e88028

SHA512
12d773a2094194ca601c8a4d62fa6879fb02a980b706b144c1f9f62a19e32f6253dda750d55bd6209fa126300c3fa02e8c06a32561c1d68b4d99e1476f7f92c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
871e36395801277bdad5574dd61bf114

SHA1
c177a7e1a3b8d35384ca5d479c75b1fdd48ec46d

SHA256
6d57406ebfd96c7e77a6777e6d72fbd0d4db1a014bde0a32463506e400d1be74

SHA512
59935c07c7414bbae2c79895b6d895f6a1d5a4f8c87e8980fa87e023b2865f3951863b9a14d344428b775c15060f253f2e081282e96017f13fa7f6d38983eead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d7cfe2acc12a79d27b5f7226046a9684

SHA1
2ebe44a1a4f1de9a2f00f12124e373ccc0c52335

SHA256
e2868bd5167594d17ce881216f64b41624c3dd1839799d33b333e6fa9aef439d

SHA512
5b0b17f1d0ef5c4dfc780e446a4f0441945a352a63d31b32047b2694ad850c5aedb9198f8b7f8ae9b939556b980ccff328c1f3fe54ccdeb829e9ad19510c2f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cb9caa7b9cd4c045813d27a8b6178280

SHA1
151272324f9f78e712971d325fb37732ce5f6ab8

SHA256
25f408358e88019cb5929df1d7654ea91ed60d84614f63aab598c4efa039bbe4

SHA512
4b1171c12379ba24ce08e30eddb8f7190afc4560e0b47e110418ce3e19227e823f209b491021c7740766363f9a93368aa0614e84b34f53689e4e1ed0e9196850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
222deabf17d10a8372679bcf01538acf

SHA1
4657f6f49ecc68c4b17fd6fa5744cb89ca5524a0

SHA256
d509ac1daacba6b44ee515e886cb1054049aebfc47e614badfcb9669487f5e97

SHA512
23305e53d2370b10311061f7ad9fff41fd2453530f68351f39f1189ebe4835a9408dc953f5df93639c681933034d7c8205e28fe1731383f3ae4a4b4a08433c30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dc3ca8f8937a51eb0430461d3823946c

SHA1
19a61a40e26826bc3cd80144994086334d4c87b4

SHA256
d0509a762888b85c38f46003636968aa46b7a4a649155b33ff3b75d9304d8b67

SHA512
a32d3b3f15c25b982c33f2efbdfd864a6d10e8ecbf2f4526d187fed5ede426d9abda540ebfe4569d0aad0689f0c4579240f343954d8c1b0e26366ae2623e7a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8974a3277b0c1b8e0eb4911bed8c578d

SHA1
4037a6a1eb25475fccb83e162f818eb522f84d72

SHA256
0099b2fb93eb56a9521f38848794fec34f2db47b29102c34af4c8fbf5bd681cc

SHA512
4bfee1c2835181deff5f5f0a980e91e7de2029cce317f3baace287a4d294dbf5ed5ba2787cbbc97571d75756a46a4f75bac8a5971feae1c0917cc53592e48ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7a3fa13d58f98faeac2e11217156d060

SHA1
449191d4956865aacf9452b8ef8428e72ea44df4

SHA256
52060b74021eca92f49f3fe9ef10e1c59f03e14cc1efdd0c6bd1ca6440b3a86c

SHA512
8b7871845e3d0fe44ac1a15c3dd0b124e3a77b5c14bacc1ba867cd85702aac703bda8d9e174abb66148814063d6b0c11c76d1d68635de3b7d9bef9b0f350de10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
78107404df0735f77d56d24502504166

SHA1
46547bcafb01dccf6d15631bfa0a7e50a2dbbf03

SHA256
bfacde5fa92b4343f6e3fe04292ca3d8fee8cbef3011a8cade63b5a4639e1d3a

SHA512
23b9689667ba7a20729e8596487432bb71406d0eb6f44da6a8e2e2cec19e8415ba418f7ee682f6274b3a3b1ffe978fc64af95f17f4d074aab9d3b3ba9db115a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
289c86b7f094fb6d52076618579a7aec

SHA1
d0e0bd4fb720c115ea304ecdbedbe81aa0c7fc74

SHA256
f22761e262b138d766919c9e8e626664f7ef586494210161e3e70d9860306726

SHA512
88c6c10ce2263368ccfe3fe987adb62a1d7827c114265f4f85a9589180300d110a53d82215a7d9432fe2e9a109743d21cf25c9cfc04ab62d23d3443302fd67da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9f999e5bdd07d35171e2ae565f03cf90

SHA1
1f6622dab5fec3f1df69c1cf1bdcdc32337193de

SHA256
e367829a6899c14961acf3ec7296d36c3235a76f0f562223c456e3fdd05c4d8d

SHA512
dfe08b3eacccf8eac86d8b559f23eac04abb891e56fc25f5ea341f1a50f4819c36c284484d74b4027131bfe85a2751c209ac5dc0270f1b78cfdc9f72d6054449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
48df1916c5754d784a28df30f05f98ef

SHA1
c03d20658435e3e69fb9d00f667ed1db8b0294b5

SHA256
807b9c3588e430d7b215bbe086eec2efc91ae57cd0b75197ecea9cc10e8fe0c4

SHA512
0fea98c1cf293ce059edde6b51697d59047c3c8bef9985566ca9aca1db9319cb9ff517de679f15a58b4e2d9e6e194ca2a6d205b0570febd0a54fe234a29cdbbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
ec49830850592b5f769e8213da1adf95

SHA1
ca58340aff53ec522e9eba861c1302cc4675275b

SHA256
fda1e8e9faa8c68a771e71d247c4d12bb8abdf92686542fd5cfa5d6ac7f432cf

SHA512
9bf49937c13ac399608983f140e6efa7c3d8155c543e7da9ed600b4276cdaeaaaa0b5a872f22054d7e2fb18cfa8b767f00a2a89f861abf5cda75f2bf9ee98bba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit