a43781202a6b96e3ae69938cc41c939e3c60179823c9668369bdfbbeb8a9a76b

Analysis

max time kernel
15s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/05/2024, 23:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1 zStax Cleaner.bat
Size

853B
MD5

a53fda691fe649353d47d735ad2faed8
SHA1

181b4fe0025b97632b70209f62594806792a3e23
SHA256

a43781202a6b96e3ae69938cc41c939e3c60179823c9668369bdfbbeb8a9a76b
SHA512

6d67ab37245dfbe35c3ce77e758fbed856dd337a9a8598d00218e5a22d103802fa6a6e1ce43a6383532cc3b7ffb41d3679dcccda38aafe6c1a4496008d655a77

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2076	2428	chrome.exe	30
PID 2428 wrote to memory of 2076	2428	chrome.exe	30
PID 2428 wrote to memory of 2076	2428	chrome.exe	30
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2496	2428	chrome.exe	32
PID 2428 wrote to memory of 2488	2428	chrome.exe	33
PID 2428 wrote to memory of 2488	2428	chrome.exe	33
PID 2428 wrote to memory of 2488	2428	chrome.exe	33
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34
PID 2428 wrote to memory of 2628	2428	chrome.exe	34

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\1 zStax Cleaner.bat"
1⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c29758,0x7fef6c29768,0x7fef6c29778
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:2
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1944 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2148 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=972 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1424 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3748 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3760 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3592 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1072 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1152,i,4299858719131997454,11696577061690271929,131072 /prefetch:8
  2⤵
  PID:2828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
219KB

MD5
a54050eb2a6184f1e703165402a429eb

SHA1
7c273ee43cd614151ee628cf156c13b30080d220

SHA256
c26715c4c1141af371f114277c53d744b9dcc7c610ddf2e9a39fe70ee13f14a6

SHA512
3831f5b61af37d719d19a11707450d647f728f2e24a918e428c7a5621719dfc7cb526ca9835ecea3791b47e0a655e5d581338bf670de2c1a474fea13992607ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
20KB

MD5
73a660fb16898416c21ebcf60baa0deb

SHA1
76b4f4ce3c6cca79d9126a24c95d52743f9144ea

SHA256
48f3231705cb876cce90c4342e5c60b792b3b8ff18e59954b214b85ddfd2f7ae

SHA512
831af2a7f03b8f246f9425e21dc74a646bc9213792c3b12fb4872a9c8fcac7240584dd8f6672802b5d75ec86d7e56186468205658cd01b428ea7f6144079fc5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
46KB

MD5
ac83857f0497a4a0e7669329827cf228

SHA1
18ea483c966969e43a654fcadea9719a8aca370c

SHA256
43337a1354f376890cdb73f3dbaf95a8027761c574c30cdecb321096be485d3e

SHA512
6a35c50764d31d4bac07ddbec2329238cd04f2c58c00629e523ae7fc2a7d6be5d1226f8fb6c3c1043b215c38c47951a66fa8a9d4f4d6ddce7664bd1d011db2aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
793KB

MD5
be76b648dc151abf0cdbc1b7ae96d382

SHA1
82a16ebe2139681d175d434f0c7241e3f2b8fc15

SHA256
f33a7317eba6deb8a2ae9a19a05e2c3835a4ad1d9ba9c4183ebe5ee6f56b181d

SHA512
1be40df8937af7da21bde881aacd1b4c0e0edbe3a886dec83e1ed4e52d1e2bc0486e9c40c89d1006e32556511d08e9351803ed73f86b77ba608df9a4d2df7b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
32KB

MD5
1542c27b01fd87993fa01b823be73ab8

SHA1
e929998859413f4719dadd5b4941e3f2307b7169

SHA256
0a26264288c9ad93cb6674eccb3abcfbf9d05cdfef384107138c5f9b5c5d4782

SHA512
e100ecdbba9f8ccfd9d465be39da89a5e4498a35b7b5008dfc7259b67bbbb9d0ad483cef40e6433a20f6a62d53beee9ca692fb4dcf6ebeb22dce690725bd6346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
32KB

MD5
580d16706ce998c3498ae0644d9044cb

SHA1
1581837820e4178ed6f7d523736aaf8921c75fcd

SHA256
08ec720bdd82b71c543c5cad47a72be31221110b21f9a21b3debf0c34da8679e

SHA512
82bc366ccbfe13ae3f2a25571d6bcc9ccf8a50e879b2e266cc0ab097919cfa5d702a8ff73a3010a324f720d719b8c3b601f3d5974cc0212039b07dbfbdadb353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf769f3c.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
24bb95af008aabddd2051d02ecf842cb

SHA1
9e1729bd23ae45fa4b927525762a780ba50e4ab9

SHA256
630e9c93dd7898556dc5b95ae1544375561ec9f310bea1d1c652ecee431bfeb9

SHA512
a556f556618b11edbec9b0c8e03f9ae3323354eb57aa42e8e4f362681e179da926e4ae4489ae5bde39409205c7a27b035c73e7ebc2b6617a1444708be0d28a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
361d654ce3a62cde58779d2b6728edbc

SHA1
d13f6a30eed0fffb4dd9e707fc85dc7750491e5a

SHA256
2e744bc87544c3afa48f72ad4fd98ed313175bffe85b23b038d024d664d615ac

SHA512
ffb16708e5deb632dd3a411c8f062e71eda57809ea0b4524a5dc8d0ac9f05e1ebf6c88b9a99f546dacfa3232a1f526b6ae54b7843cdc7f61ce05a3536051c3d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
d786c30014e387d9eb914952f6dcbfd4

SHA1
68083db50ec2be0a2feb70955066561712ad1fc5

SHA256
ef683f0e27e5b97a68c0f207b2a310a8e317c5e50b69caea3a7459777dfa58e7

SHA512
81e865cad440935acd0be79b1427a3d8281b25ae184dc32f13afb5bf66b278ce9ab29be0ab57f4aac4e2869e46649e36f2dcd8303392dadd08d6e50a0be55776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fc4db4a08f203184e034675692cfe53

SHA1
e8116c93d47f825db9ea84e4d3ec5437bb112b4e

SHA256
c8a8c53b39d009ab6fb097ce6493c366a9044f02fcc155facb66882f020fec4d

SHA512
c21692a73aa5a244fd04a84a11ce9a3b03cd7b28dd13ca83322229325a3add6251effe06b6a0882b4aeca9c89cc8a29809b49fb5900eb6cd0d038b1b222256d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
50a727dfd4fea0ae8df75bef3b3c7051

SHA1
a1e44828aff56062c94187958453a5acce25c401

SHA256
5504ed935b84ffc87f560e57c5abc8fcfee016d61a5e1a47d0d5dff5054ffb7e

SHA512
e3b8e32271a3ebadd60daac4131bad1242e0f3f4c15391521e46528008e8a59619792bc86bb7bb24ab467d1fed6e1384e684d86586b303799588c93619be0cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\77828475-cbfd-415d-a452-90be7b172544\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b6deaec1-aac6-46b0-bf8d-42243e3a35b1\index-dir\the-real-index

Filesize
2KB

MD5
81a7d77ef74f3312400b65ff432b4c32

SHA1
1cb3e9d7f85502d57afa1fabb6c93e261920514a

SHA256
cd13d80bae45d726c200bf54278f3a5aaf32079c9561e95ec8b2a1040133091e

SHA512
f078394ef3873663d675a9e430889f30f09084520129424f8a99c2eaa2d8e0379405aa56f346ccba43b25a3869c6fa3e716ab3f23fa77fbd182de6a86b685497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
810ec1cbe764e1d7a9713002cf45e5aa

SHA1
971d625dfd020b5b391749e45d16d7fc120838ac

SHA256
84ee2c49363b7a3418fc18da6df5f2595029383a52f0a9c95b5e81a7f384b1a5

SHA512
51ae5d0da8101d6da33628ffbd446aa25fc11bf01d664547e3cbadc9befde709d7352e719eec26f6863b880ceee72ec5df569dc1cb5956628ecc104806773a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
a6295ddbdbb6df1e4fd4a262f88032f1

SHA1
f131f041511a7f226f5cb930a2146457c40ae653

SHA256
b0f9499c884a5efe9acff9d5f3bfa9a2f17b845fda934be9cd12bc026375f4db

SHA512
4bb9c249271a6ddaf8be75e6eae7295d7bfc692b0564d877df4a1847d2e47244869abd5c7f31b3914c5989ac4f453fd77ec3680e5965c1f7dfca1a8a1c2149eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
f882f97390ee4481e79061a8933bb12f

SHA1
0e0d628c83b4c97c80e2b554d3eb4486f798a957

SHA256
83c2d56374071ee82430f73e45b8c3a34235e8216f915693c467ac39acdc5b51

SHA512
efb289293c96af84392638084606432672167f993d55501f77b36eaacbc7f2750eef6a06ccb152dd969ac7bff232028494b86d547a826f94b2effa1147fc5778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
dd383ba824c60ee65edaee49e7273fea

SHA1
ca0bcfb396fe2db509027a4e1d9228c950fccc07

SHA256
64436bc316880a20c6d130a084d959bae0c0c81484a352ceb2b6bbe5ec5e9045

SHA512
e65826917b097f3a4a9371953ffc4f9630d2b7effbdd617a14ceebc8da92619de12e0d0e6ab23f2e708834dc1c1419f200d86441517e2ff780a2804d53e0549f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
256e305864dae0aad3dd44e08446da56

SHA1
bf5871eeaffd477d50ef01899668213bb0e3a357

SHA256
14ab1297788bda7bc1320690cd2af52497ea99d35cfbeacbc4fd6ece704ef5f9

SHA512
fee1f3bb21cde212974f1887ded2a8c7d9fb7a24b8465ee123c4e9c24b9d3b04f9d9071ac37bc9370135ab608285236b8a3ccda168748e2f77cba948171ab1bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2428_1957828336\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit