hxxps://UFW[.]xcsyiuul[.]ru/VgRu6z/#pookiehead@dell[.]com

Analysis

max time kernel
300s
max time network
293s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2025, 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://UFW.xcsyiuul.ru/VgRu6z/#[email protected]

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874700752478952"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1216697136-3907990103-1733992739-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
4696	chrome.exe
4696	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5188 wrote to memory of 1488	5188	chrome.exe	83
PID 5188 wrote to memory of 1488	5188	chrome.exe	83
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 4964	5188	chrome.exe	85
PID 5188 wrote to memory of 4964	5188	chrome.exe	85
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5000	5188	chrome.exe	84
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87
PID 5188 wrote to memory of 5112	5188	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://UFW.xcsyiuul.ru/VgRu6z/#[email protected]
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e81dcf8,0x7ffa7e81dd04,0x7ffa7e81dd10
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1868,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1428,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2060 /prefetch:11
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2332,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2468 /prefetch:13
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4192,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4224 /prefetch:9
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5112,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5044 /prefetch:14
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5432 /prefetch:14
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5216,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5444 /prefetch:14
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5412,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5440 /prefetch:14
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1052,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5376 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5404,i,7143738337601637060,17642697533713064660,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5432 /prefetch:14
  2⤵
  PID:5652

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
09946d12b749565cc6294b6d0ea2f2d3

SHA1
ddf7065fed5d5f765931ec560964de6e637ad7c7

SHA256
ce97bec5d78fb7edeabf61294c26c8aa882544d819ca532d3a7a652f7c78660b

SHA512
5eb08fb3b05822130923e40be6a68ece7ad7de36166ff02cf937bc1c3ba55cb12ca62eab1539b357ef7f2af02aedf94f03ba420aeeeec5a3dda73a99962db68d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
187a7b4619950d415230403cfb86d04d

SHA1
a924e418d06a5524eedcdb889af0efb85f1e3829

SHA256
ce03c67d64fd628183acc947dd73c6acd93d54cbb2eb9ce1d5a313598dba4049

SHA512
d6a4b678f682502f368c4d999c9e64bb5ee638a1611e8f3b5982e84c4e62b15a9b09eb6c236a94271628bfe6d89a5c795d0f0501e205c43f6837dee441a82910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b65a3acc352a389f8264f3b9d43c0e5e

SHA1
393edb08a931d0c4c9056410f0435a2ff8e053b2

SHA256
c13384bc211ffff014549e83cc6f5692fc270efb3e569e83989d23aa66cb45c6

SHA512
5c4450b55e28e631cb12e2b4ff6a106e23a5e2fd03450f5233147a723055cef745dcc9c0a72ad98f883982c0ba7eb29014f8e50b1fc1aee22fe44b4b5644038c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
721b79ea50096f5905c834fe82f321c0

SHA1
94feb4ec695a37318d49fa0b43d0018fd5271c60

SHA256
14cde6df34b551b5c124efbaebfb2bbfc7258d3cdc72196359b3b7edcd08a28c

SHA512
2c9c5e8e8b9823cb943a7e65f7dfbb1ce64afc3123145bb9b52b568c3fa16f36a1da7bf6b943f8da9522395a2dc37031d2cb221300fbda6ffdb1b3d68f0c106c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6518a4d11d4742017aa952e27bb455ac

SHA1
4f0121ae2de6210b5f81ae6ae1c7271886783c7b

SHA256
0882520a4642b6edf014745cdd597f3e1095e85b47ee6cd9fa1dc3336431589b

SHA512
3d9c79de61141e70a501ebb17dc74cf9d5ed33758ad299c176b37c455b8fc275a67c04ee93cc3c54d381f44b81bc012cff90ab4338fdeaec0b6de3946abfdafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fbb508597873dc4743526bd91d6a74a6

SHA1
643808b2fc41e2febb89ebab899c78bbca186190

SHA256
3767a313a42550897940cf5f6b97ad411cb881a1f42a247fcaa2309b18ca6d76

SHA512
f9ce8a21b03d42b424da713c17789e6bc1c73cc7b2665598f0f7265241fe508d7a7532cfb343285e0f1b5a95655f7d1fd9ca6874a7195809b8b08539882236ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bcd147dcab21e8687c6e56e143f4a949

SHA1
6e2da91d532a88aa2c595b0506cb8a7e5d450b42

SHA256
5f83a51975dffa75af44685745ae7ac304e7eaecd92570cee92200df9ed581c6

SHA512
0715e33e179d6f373be7b0ae4cb88008bfd9be9f82dbf89e33c5f5251ca28cf5de3d4b7ca05e58891e7311c258c76dafbc5b50ce94c32a3e07fd9463364ba751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
776997b88a694b0b3a52f5c1e42a8b8b

SHA1
20d82baaefc10eee6ab20bd0f8257da5f2316cc7

SHA256
1d73d1e019ed810d2adff2923a6190a3b6dbfa5fef58711eacedbf4e31007399

SHA512
f47b55183a8c213e47440000efbf0e2ed97a1f66d2ae7dd1604f41afd5ab3232817037342caf917d398f9cfcd0df561ee227250ff76735b1b751ed422e335125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0dec1065cbd7f60df787d60a8eb0ff60

SHA1
b5ad9a1a862618376c1ad6a82c16a99f0011de1c

SHA256
f902de4c1c9c27a9a913b30328edcd424dc3ed7cd72f312e086f7a9d36e12d9f

SHA512
feaf77e3a4cf223ef0fd78ef9b3412fa296d983251b2686afdc6e9ab2dcad61eb1eb6f77148993afc1ed90c2cdf06b9e6fe657a54fe4f7e301358e351718e9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d0c33a654d5ffa17743dce27dd637836

SHA1
cb4dd37a7ac4112d52fb29c9f54239051de55caf

SHA256
911e3fddd6ef18c501c408cb0933fde060637003ad2544c1ca00b5d908e3cafe

SHA512
4cc6b1d832b6b6c31449180aada5d8165e8a58295ad41e8713461385a730c1254a6ebb13fcf28eeefe7b0b19ee0e2d17f9bebe40163072a00edecd36561832b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a45e.TMP

Filesize
48B

MD5
ec218f3e1f5f6bf9ed9c87e59df73aa9

SHA1
3a5ba8e399651b438ec33d3bc09ac1dff32487f6

SHA256
05a8c54d8b26856050b99ce7a4a3945a2ee4bd9de7f3fc2e53dde4d9332e28de

SHA512
d5b69b735db1feed335c2eb8a12a0d3f9a52ee7425b1342f76d6bc3099fdc2ad33a071f34929b2b2a2b2b29163f4698bb567d96c4386667da6069d41ada922c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
2434d122febd4d9814475481f3cbda07

SHA1
59157d2569cf986fb47102e7bd0bc0e7adc0afa6

SHA256
8520c857792628e666d46355c6c198ca6d87a2554aac9082abd97492f55f3fb5

SHA512
bf27e6596e8a023d61e43784de2e38e2623f70db746dcf5aa95425f6b91ce670bd64c78be9f2b85e0c916eb102b3ce4de55725f6bbaa2d556cc9203251133b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
602af006ef0866755fc117c34b51a0f7

SHA1
d2dcccbc4427877831aa6103b0c996d6db6940ad

SHA256
b28157834a971d9a594dd17ffdeeda39fc2d1cc342a92b441364793cc66b217b

SHA512
6c967450d995f727a84e2dab9864c7ad3a07573882e024a0b954b3a02643bd53929e8c1a7111e20986b93803f0252549c0834c287a1c92ae6f53f8d600006f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
e242c503a18ef1efe9d21d3aa9002dda

SHA1
5f8e2ec9ba186f85dfd58cf60fdb8a1e0b263ddc

SHA256
a2e6a1805b181a4255f865e94378b4d64e51c77d1a2375c0a8b34be3194b44f7

SHA512
77413c846410c74691fadf8f9b7743c4c7b4ba6c51fabe71315764910ec1ddbe309f77649563c9a309e66035a90a8f6040ccf99504661ce45b5bdacd89c43367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
f77a2e9cbbe65aec534af6f1c70ce8e9

SHA1
f4e3a5311783a1786fc9ff23bce04639fe875947

SHA256
40b9aa0c55380ed192f99f7e69889a1e21ba69362197a068579851cca7cbbc82

SHA512
16811cb3bff0e432ae5d4c4de7b8a3cfe7ec09e0f5434d136fde3197ceac9fb6fea6bd67bf28b312a0064c0f8523d00c7b48f6b450ae47a945a07e87fc5f2734

Download Submit