hxxps://acard50[.]ru/50

Analysis

max time kernel
149s
max time network
144s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08-01-2025 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acard50.ru/50

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808384864341878"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe
648	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 5116	3448	chrome.exe	78
PID 3448 wrote to memory of 5116	3448	chrome.exe	78
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 3760	3448	chrome.exe	79
PID 3448 wrote to memory of 1448	3448	chrome.exe	80
PID 3448 wrote to memory of 1448	3448	chrome.exe	80
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81
PID 3448 wrote to memory of 4064	3448	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://acard50.ru/50
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff983b0cc40,0x7ff983b0cc4c,0x7ff983b0cc58
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4076,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3116,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4288 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4824,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4904,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5020,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4692,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4736,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4372,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,2206858355460131558,2424157778829231726,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:4672

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
401c1767d54f51e85c1cb7a876f8426a

SHA1
6bb6a66eab2d771341a2bd2a649a1223317a429c

SHA256
c2953dd387dce51207e3d9a03f501cab1b330642cc994e20b8225436ff18fb24

SHA512
c6058c10b61c25d37ec10abe1bc92547667946abb867549260d45c57ce651dab692e8191a512c8e2e8b638ffb5eb0fbc49063211cc6ad0acc0859f770c768c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
cb35e72f1f286cc3b5332be88fa40088

SHA1
5695f7e3a92193598cee725a2858ad32ac819598

SHA256
df6b9c6d9696ca1b192c06a2dcf80ac6a3b29548de4ca801f41caa9fdf4923eb

SHA512
b49d2dd9417d7f63343fed570a2fe092c12918367f816cb2ea259ba990f498adb27c17a48787ac328ca94d3f758c9d2db73d31209a389b7bd079b163597180e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
89dfa03a8bc6a17bf90fd79b29affd70

SHA1
1923afb57ed550187bfff893041545ecfd3da842

SHA256
aac21e07afa24f0f79b64efe5017c9f307771de837c33639b5788b35f9e3053e

SHA512
002e93842c2e45076078eb2adcfd5b3559cc39b290253ec511d4fb5aa3ff53da5066e6b6f8940523e4f6e068de7f13760bb9437ea88a1b8356bdc6a8b9987544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
614766d85dfde0b86752e9107036d228

SHA1
af7f15f365c068cd3d36c57ebf0a97f69ca21b4f

SHA256
e6beabd2d53fc3fe8cc33f2527e8a336ae80568737af2eaf56bc69d4aec80eca

SHA512
caabef412ab2fa3714bbd88b31dce0842a3cb7254f17e3e05147ddf900fcba5eeab6417b1b4959581916a36d9136f86151f4c6cd9708fa4c5809aefd3c4f6dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
1b76f4d75ee3643d26babe0c17d4fb57

SHA1
6650ab6ae3fad0070db372a198381031e0d80730

SHA256
f61fd49594db065cc6f72f853298293fc02a467115b261cd3068afbc3925ab10

SHA512
d824e2369f0b6d3f41c4ae310ab39e5f4b78e80c4dce43358c40a8ef03b341476239a4cd3d54896737a5e076dcb253b4053b74aa3f67bb3ea3d5a03bb1ad29ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
97b832f942556bee58d29c9937b75d3c

SHA1
562afbe733d39ef4dfb0be9a0ebd95f10ce54e8c

SHA256
a808e143ea667d07a7f428ffb4bcfd1b517c45aa23ae67c4274d7c1a354c55e3

SHA512
2ee05578b4542a6539e3cdbf474abb189cafc4c43b3382bceaaf249fb3fd6156e7f4ccc2f9597132b63760e2468d3daae65b63844ba7b59e62fcf0a5129a7baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
59a608b1b1308cfc70925eb4ce644109

SHA1
e3ca5a2e5a0b3377207bd7973de9da71920ca3fc

SHA256
5c5b71ed59ea2257cd7fe393c3ca020ce148235cea48e7dd36afaf12996218f6

SHA512
84490a96b76d3e413c889e1795076f2671fb4ebd7992283702eaa60f9f21eff6a445d8149f1f3d791700617d3ea05b6b6945c8a6e2168182e41c9a474f822ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b361bf742098031770fc918501ea954a

SHA1
e2764f60ad83361842c42af4ffc0b3ea731b5d56

SHA256
2ecc744c41ff249249ccd181498e165cd922579c4dff841615bb73c3a7c95ed3

SHA512
41e85f350bbe3647c08f0eb264d547a5499766ea46f8f3fa8960936f4f985d7eaa410b142f15a638ec4626de63ee4e2a785c41bdd938f1380ba30c821c360783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
317a7863204313920844f9786dbbf064

SHA1
4ffd6023ea4e4a05d5b6e28073e9788d91f35404

SHA256
227b5005e7d01bc70c704bd1f91ae18911478a6b4bc458065ff9ec79bd3e6e90

SHA512
b6253b060214a6bfffc805644b7c99a1d849cfb7c4cf54717e37fce00ad42dfb243c38a10ad04c5192c8a2216a630ae190cced7ef669c2d956ef8902e3afbb74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c01cf413e368184b17872e3a63989250

SHA1
82aa17c35ff4aea4bc6c764ab10e90e9fe5ee2a6

SHA256
a8a7cc3b6949a69de641b53dd49a99fdab9002855a8e8be1689fdd92920fcbbb

SHA512
f14a1992bad0c40aceb229c852f340c9537dc396ad5eb0a9ab6da6f473958525f8b5b603dc589a8e6286ecf3ac51773957986b86561d998e261b7b693f93255c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5050893e37f7326b524c5b4c53b67104

SHA1
662779afa7b60b37f8ff791895dc2b1626481584

SHA256
ab617f078c11113db415370907a08fd9e3c06a35a33a7add960c4244046dd1d6

SHA512
24a29ba8fb8185b9d9af582eeeb0e4ed46ab6d9f370897c159bb46493eeb47070b96d78daa9ab82da577f4adb5ed1bee3365c3ff9b230bde1cd1f879aa3d7fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99867231b2b2e62ae9ac33a64c3a90a2

SHA1
0e84910a6bd565637429769496d0ba13549cf7b2

SHA256
87bbca540467bfefeed0e8f1a8a0259ab1769fa19ee73d9c662d6916763a3b9b

SHA512
f65ef22b4186e3079daabcddb629df8bf70241c1ee13576896a028a99604d5bfc435fa9d6a201b126a0b384b2dda090a75b31db2121ab7108bc5b4dc4b0787ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44830a3f5fabfdf91b05481d9f0abc07

SHA1
6d3720e355162736ac32eb7e993916ab58d04854

SHA256
8c5f94fff3a555de2cfca44f8a65b97a7c56a2f68d6bc11cbfa54ed55cf88c32

SHA512
45ad459f0d4c20c04828ba3d8f75071fdc36f6f27726a125c723daf96eb09a60e3eafa2ed3a893e20b595c528d3fd8384069d70eb2aa47011239995694fee16a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
727cead6bf4044af1f5ceb32161859bd

SHA1
9aaba208a228ac18758bb04de93704df30c78286

SHA256
77cf517b3bf3ef336a2deeaadd14d108946f39761be75444be74cdfaf461fc43

SHA512
e9e0d10e201018e5c1bd8707c9d750cfec68059d92598705773bc6b79838f46fde787088ea39f6992d26eb487be2a963a23394773abfd3c32d283ab4fe6b8528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e5d590eafd30f94c0a3ba2c7d0889ad0

SHA1
f6dce14def052875379b6ebf26e981f0ae15a9cd

SHA256
852292f57caa2f2a12a965ed3904fdbd02cbe1a4fe07f60ea62dfb33829653a9

SHA512
91f27985e0335dbfdc55b92fca9dd07a4c93cb7ed6a4504dfcb5e810b614b54da228b52c16a19ad0a9567bd62ba013dd3ade57713f87d749acb16f686f1bd396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
51bfa1c129a1665520e4de1ffc30fece

SHA1
599a1754c35df6ca01c2fafe361e74a91605ea13

SHA256
0f196f8836e105e621c620abc03476c4058e7a37181ee186220df90fc1184439

SHA512
0173ff417cb9038a5a3ee8d844f9acdcea81667a51c639c2d484dc1e71abe99038f66d155323b09a23892bdb85d8755c0a1006d610c6e23e1fd9615474d6e286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8f9c8336e2d3bbbaf9c41ab030a85792

SHA1
fa9f7e62d28ac75860a4b6d5b2e6652b3fbac98b

SHA256
d18be1f05d4d44e9c5741a65bf3ec66158962983272114f96383150514bfadc5

SHA512
fa20acbe1fe7305f5c244c19c363366b0f9cd3e804fd23fcb0a8483150afe8b7079a31239e465a84974cd019c61d9e40fb0a115a4250742031482e869b9386c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ff4ecc03-cc1f-4060-8ae0-2958273efff2.tmp

Filesize
9KB

MD5
bdf22b1c2dcc56f72062ac3ccb152ed8

SHA1
90aecf11937f793b6b716cfaf121be05bcde82f9

SHA256
0c02f7335aefa812019c3fabb3540d53113f2527264b1ee414299a09462d1f21

SHA512
543cc272d5cafab41dc7a8b01fb8df3c0ff67b7463d3bfcef04b013ad757621cd488443913c134f1d7623a13d48d58a2052257b7046b96c301c45fe34fee9417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
332a28d8f0c2240fd3dbeebd2c7da338

SHA1
531ef10bb0f7f7154cb5bd6bc65383ebb03908cf

SHA256
880a7e12b4bcba94339056388277aeadeb8f664343e7631326ad8ccc6ebbcfca

SHA512
2c01037f93b5221f5f9767a8b6a72f16cda54ca8ecc7ffe907f5b8c4cdd74fb365c6ff2f02b245eb51a5b2ecc85473e3cce47d9d2de2bbc8de40ba3b6ef88225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
b449025e138e71586c18746e9ceabc69

SHA1
cbade16f4101b2ce0819d262b3de980413f11166

SHA256
0f47aa2f1bfa733272504c13d7fc3e48814cd6fe8625f78a4550399a2cf8696c

SHA512
f97f89561786b9daa4d22cc29c0fdf7799e1ad6a2d2ebe61b5bd07521b9b1882ac022cb19f7f94d7163796ccc38b7a5548e0a1386f1c70f2d17ac2d72c75d07f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
0e21f37909349f0a524d050f3c5ec9a9

SHA1
e4cdbbf3470e646dfe09c8b29e614aefda54e64f

SHA256
624576102750c5c7b6f0727c0057c17afad870aa4c119bf3b3141459c1c89bd3

SHA512
aed2b3fa1fada424f4a05d10d0ea8ae2a4058edb5249e52f32219522563fefb96c8ea2259dde33bb132dd5db1e46c918a0b07616873f36f5a8929fed7fe3f922

Download Submit