hxxps://медиабридж[.]рф/bitrix/admin/1e4/CantonFair/index[.]php

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2023, 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://медиабридж.рф/bitrix/admin/1e4/CantonFair/index.php

Score

10^/10

phishing

Malware Config

Signatures

Detected phishing page
phishing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133231941237917241"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
944	chrome.exe
944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe
Token: SeShutdownPrivilege	1256	chrome.exe
Token: SeCreatePagefilePrivilege	1256	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe
1256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 5000	1256	chrome.exe	85
PID 1256 wrote to memory of 5000	1256	chrome.exe	85
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 1280	1256	chrome.exe	86
PID 1256 wrote to memory of 5092	1256	chrome.exe	87
PID 1256 wrote to memory of 5092	1256	chrome.exe	87
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88
PID 1256 wrote to memory of 3260	1256	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://медиабридж.рф/bitrix/admin/1e4/CantonFair/index.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81c069758,0x7ff81c069768,0x7ff81c069778
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:2
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:8
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 --field-trial-handle=1824,i,18204556262678105519,17557596911874919053,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:944

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4148

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
73KB

MD5
90a01999dd69e63101f9aa323e313313

SHA1
9d8563adea21964efb73bafbd6e337b1792030a4

SHA256
884db10f066017202b2c877a369c7a465d7b477103bc94ddf3d791010727680f

SHA512
0dbc460207cbc98826bfc9f27194b274a93c830aff85505966eb3ae9f1a31b9ba15d5fefd9613ca854a1afb3a18af5c6bb10d297d968a687e8c77a003e62a809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3026f6d4af0cbdc0a5fcbd1525e9eace

SHA1
164076382fd4b36805c3ae469bfb4d215b04094a

SHA256
176172922b97018e2dda27356c9609a74fb21928c302e2c2bd0ca499cd56f5e0

SHA512
8137d37e56cd6339ebb2643b1b187bbcfe2d3361e40eab8d50922138d3442300cf6542dcbbb000777ea260d344feacbb5a8e38693d3107d746b418f7621a6606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
baf923bda144f9a5ad4342f7655e31fe

SHA1
dd5ad97bf64b120d6ec5ac729de96adbf4ba9e5d

SHA256
a73521199f2b0dab043f906e51972c66a3d5ee8d9c2a3ff26bd4be961f084145

SHA512
fa8f7827826e3c81f48e1fd8bf25ffa67427b38a5d6da6554b7dd2a03e737aa851939affb9575ed3b4848b5428897f0f3002d20118f96bdb2729744908d74c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fa7171eea2bd1d8ff0c9b00db1562cd0

SHA1
4d6db4b330498f92b1cd53da34770981f80ec12c

SHA256
dcf2343aeb8bf640bf24c1dd91de6d9247599330c3dedf1c46ae53477d1b1bcc

SHA512
1835930428e35e03069b6d4d762ade59cab827695c9f7117b4a30a25eece6c02ba010ed2554f896bfe9c4e87560a3148bcf0cd466e3354db1662f9b08227933a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3a07e2c557f071f7d256b4aa42bdfff

SHA1
6f1eb1a3518bdcefe6af1be2ee04a30d18423626

SHA256
d8400f9e1cebb4206425884d5ce198d36ff8608068963f0d747993ecd0a34564

SHA512
c3a9f1564fab945c0299807543058fd245b35e32c2cdc5b2304ecd1469f777e35621eea0f4af37aebe949febcae1029718ab8d563ee0c6e87e47de9197c2b104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ace71df04cc6c09597fa1636e499831d

SHA1
18dcdee598d256fecc4b6bad519395ca776c8617

SHA256
f2bceea59dc8b3b92e1affdaeb999c7ff55ad0d20f18ef0c110866af28f199ba

SHA512
c9f62c9a77bbbb33a695075787ea66ef88df2d9200068d326c7b7f42605257e482a3a8002ae65819428309943f036d2da6f5ac7fa31e39a6987b9493442eab3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a241e7b744008bc297619f3ad7f4cdce

SHA1
b20813605df6ba5b3de17f66569df88cef330ae2

SHA256
8170ad1c33920d5ac9b80eecf9f7dfd6eb7fe1fa57b1b39f8784e79fd80b0e2d

SHA512
682e07ce91476c38df4b4b578c6a284acd68a4ed187f694695edc2823b9f3f2d32145dac79494cf285718f93cf47dd2a54903ff4b0acc074267327cb8127ac86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
43c8b23a11ac709d59f644979b187c6b

SHA1
338afae4bce196582ce1fc2cd90cafde11d4ff89

SHA256
17cb0d1e58323ce9b9157753c99f957a6e1a964ff27d0efc01dfa524132ff722

SHA512
af2c3e509c1e235adbce2eedb416115556a70aaa33914641f50442fe55f1b27535afb3536101aa06ab3a89b94a199ee0bf58124557adbdd007732f7b7dbf44b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7a30ede2c14d200e50df3179b4b15dc1

SHA1
004bea7634f13edd750deedf91e080ffc510fe7f

SHA256
46c29d066ca3670f6668cb06d30009ee29382e5b05b9554362117508b1ebc42d

SHA512
cad8e7802ffbafaeed433dd8b142843d4197442ccd5a3247003c30deebe85999e65b5d0e6ae303ecbbe3b4a847282f252d78aa9cf8692abf25851e811b10d0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
bd04e96d20bb305a36fb91d26a7eb66a

SHA1
f458b93a190a635a88c2daab9c0a40edca8bbcee

SHA256
5e7eab116fb29e462e51bbab1280be5e6fbb4aff9fafc8f3a6b1602180816de2

SHA512
a1da360e7483e141a5c79baaa819a4aea89f06f296899a0931d6a87b1f504c564e899901722546083b29484f882145da486a6a5a8a72ae95269437893d56bca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
da0c819d98c519bf906a5861fad3503f

SHA1
0166dcbd8bc76acdc60001e9c2a2f3e1abcaea1b

SHA256
8232c54a6cd04f4e2db2991a479549f0c8733969651b3aa4bcf4b0a4d20bef23

SHA512
73ddf700580c89f12f3aec3d81a6f733996f40fc7728b2f8dada2a80e6859e7bf8413fd29965085261bc865971743e611b825d511de59f9fa1c9e823e48d19de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe576448.TMP

Filesize
100KB

MD5
0e90f4ee74db78398e0a0d9c758cae8e

SHA1
8fe3756905a65b4a4e1143d44ded2222f20018bd

SHA256
1d61cb82fe11203eb74bd1ba4a91b8272ab1f5406b8a8ab5e1527b2f859bef39

SHA512
da6a951e4ecdbd0f92be4f50907a9ffb96e122bffa72f2ba82539a6e993258f0e6f051c0322e72484fc97d8de7be4e38eedd0594738cdc20b70426a1fe219e56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit