hxxps://191abb56[.]0c2d429db02ff72652d877ef[.]workers[.]dev

Analysis

max time kernel
149s
max time network
149s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
24/03/2025, 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://191abb56.0c2d429db02ff72652d877ef.workers.dev

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT. 2 IoCs

phishing microsoft

flow	pid	Process
61	1336	chrome.exe
62	1336	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873316860931264"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5988	chrome.exe
5988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe
Token: SeShutdownPrivilege	5780	chrome.exe
Token: SeCreatePagefilePrivilege	5780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe
5780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5780 wrote to memory of 4420	5780	chrome.exe	83
PID 5780 wrote to memory of 4420	5780	chrome.exe	83
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 2484	5780	chrome.exe	84
PID 5780 wrote to memory of 1336	5780	chrome.exe	85
PID 5780 wrote to memory of 1336	5780	chrome.exe	85
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86
PID 5780 wrote to memory of 4124	5780	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://191abb56.0c2d429db02ff72652d877ef.workers.dev
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff9c40edcf8,0x7ff9c40edd04,0x7ff9c40edd10
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1940,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1616,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4292,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4304 /prefetch:2
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4272,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4908,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5464,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5828,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3524,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=500,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4772,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4836,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5656,i,11003618672023890841,2238475413977891433,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5988

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c3b9ad9168b451c1d9bd789ae1ae384d

SHA1
2a33e99fcceb62ed93c0d2357dea37a065b2cd8f

SHA256
93e7a8b3f7ea6ecf4f720fb6eecf8dc20fd98a140f29c1a79d5c11a8d14d115a

SHA512
7e3b86977fb12bf94ea0cd23e0cd5748bdb2b3f0b1e42755496726dbae6716171d0b2945714930d6b429095d6ffa14d33504c1cd0e332fb51c247d6284ce51e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
7cb92b265e348dd98a0d594b8832f7e6

SHA1
db323e5a792d5ff2cf07945f483e86e734ff8452

SHA256
dbc3530d3dfbfe0affb84cb9e85748596b77205918daa097ef3eae8c43697eb5

SHA512
ef06c0a1641285713c364eb9f7f3829197a081313650279dbdbf89c5937591982d54e4fcc949a3eae18819e1e07db4d28f759a86a762b92acf7665674064a83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
53a24f849a1cf3595d985687d6127404

SHA1
8ba52419605d3c566313afb048e14d0d0f081b74

SHA256
155617500cdae2e3773a95630af60ff50b7b4c0a0cafb333dcdd0593881e3d30

SHA512
1ad5260bfc20ac22722615668f8b0d248db7e643770d97cbef604c9a480d1a33a89d552bf20700bd970b61a9fe24b92dc905f853e4025179628ae382b749af04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8d4c8453188f0456981282d309d9df64

SHA1
8e4b8fc4a99ab80d781c4421adc6d40602870acc

SHA256
d0b04e3b4f02029385252654b206f57c803de93f2f265f993f2752a7893cf10d

SHA512
01e119cd869ff001fb9fe646884cb2f20144ae3ab838bf87bd7a1b0a08a2391dbfa28733aab06a823690c68e38c3a200012caa72eba5aea62a46f3402119493b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b3d9f2c070da2fbf88eb6cf562172551

SHA1
c27f8b843832a306a7c0559b960e9c2b7a36ffae

SHA256
450abb8f9690e7f55a3c6c353d8abe2143baa85eb21d490a782767dd1cd64e7b

SHA512
eec32edef8944f4d2bca4470b26b84ea6dde9083cc847c94534a26b032038645603970f86aeb1affdc63b25f499b98eb3ec64f88b4fcee6cadae8e1253c74974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7b672e2afe901cdf233c584bd8c5fce7

SHA1
1a18a60a67db365469ea5e5bc8851e4024199278

SHA256
8beab17c12815b74d36587ba613ee506b12879b431e6bd98eaf68f7cd40c5b8c

SHA512
1b802603bca374e50ad151e30014817a0e42379e3be0a41e607221bc7fdcf2d0575e97a42ba2774a481651335cad19f9a9a85062e8f5f25b4c9fb43dc042c812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
043841ac49ce56bd602093b22cd53633

SHA1
a05a65b79ab86160a2d735496b0c6191deb4b843

SHA256
3d796bd4fc262fe29e9161ef07207d0ef2fef9fddae4d24c47d1d0a10ed6265d

SHA512
89f3ba67787979b11ca42fe0d6a6fcaf60236401bb40c43f982734c8aecc7fdf4ce70a5e2c2b93f2521e0ea17cc56be5b401304965124bc094de8bd1a9a2961c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1d574713d4b04985842e7bca0b13de6b

SHA1
a34bd87f3fa7b4a30d8c011bc1e2c0e9bb66dddb

SHA256
52a625c67e1e47a868789dea504e189ff548b8e5efb93f1d9ca23dc4ed180690

SHA512
b4ee92218a39ba609db4ae96814efef8bb59d44ea891705d29e44b58509f6e55a514241160df8792240cd4c7ebb6a65e35ea1c6c02b1b46c07528c7ac85a7470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d09e.TMP

Filesize
48B

MD5
0fbcdebf4e38707b0eada76d81450957

SHA1
26f4cb409654b06eacd8245fa0835cfb3d93cf81

SHA256
602798d91f3cefb10c2da367378d5b040a73c3a8352a3f39f51037b05ad2444c

SHA512
7b66e57ae9b0194045524a525f45d869989682ddf84b010fca76adb3b28eb29216dbea36569428fb4968a1cae041404bcae66ee405fa67962dd65a9c5185e268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
e6e7dc328136271de4b9d88eca767e09

SHA1
cb97b6b14578080dfaaa968f626b37ffe176889a

SHA256
05f3a9dc96efef34ff1859dbe9593fff36d0f407268870dbd270eeed3a262854

SHA512
29e0448a908d84ec97421953b30270def06b3bcb80e8aa0074a935c2175cdb6f3cf21aa4a0c2b331e9e8aca2390559b9af8413f1f6c675ab1ce03a4f159469d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
1853e7218f02d42d6c89f49d8360c1b2

SHA1
edbe021681dcc816012ba26e02dc130e976c1b30

SHA256
80ed90bc2cbc94c630e22aa72a4f383fdc3723b0d33504072b15aef462013a7a

SHA512
f18289344ee01a9d7deaf4a9bb8cdc0d2b5da3a771d3dd82b81c3f878527a83e6b52c3645ddf9697825d72eb23e5008f7df67fccc6f2394eaaaf4248471c56ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
3e912ccfd97b7c245f1de63cfda40cc9

SHA1
89f684c5e4f410eb26414cdf763a9b2e7eb9b9c2

SHA256
454476f898a34394fd6ae7c54d57178ebc4b6c8b9ec1fd497b9ca16006d9eb6a

SHA512
99fb523e7bb880971061f8283c3abf994ae6d3de7b049142ca035b78871830f14a86cba6b2e323cb79e96c2eebb4c96eb7c2d858cf15a2f18657be2e123111fe

Download Submit