hxxps://grupoixtlamar[.]com/e-documentation[.]html

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2023, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://grupoixtlamar.com/e-documentation.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133232549415284641"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2380	chrome.exe
2380	chrome.exe
4012	chrome.exe
4012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeCreatePagefilePrivilege	2380	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2468	2380	chrome.exe	85
PID 2380 wrote to memory of 2468	2380	chrome.exe	85
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 3592	2380	chrome.exe	86
PID 2380 wrote to memory of 1520	2380	chrome.exe	87
PID 2380 wrote to memory of 1520	2380	chrome.exe	87
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88
PID 2380 wrote to memory of 1528	2380	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://grupoixtlamar.com/e-documentation.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0x108,0xd8,0x7ffccb749758,0x7ffccb749768,0x7ffccb749778
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:2
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3180 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=744 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1032 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4712 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4964 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4692 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4644 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1824,i,7321280192795476999,11039562226152610539,131072 /prefetch:8
  2⤵
  PID:4828

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
733ce51e5d0568461bc4923134028039

SHA1
bd22f228e9b8debf79fd205c844594488aba0ac2

SHA256
3440dd4d90088ba5fa91bfe968ce8fbb942c41a4abec312d43e6d9d73eff737d

SHA512
8a2eaac3bc1d873e54522600c89908da45226faa43581137a113afbb86b1541845e0a23973f5bf4e7d1f19eafd639a3de9ba5b2bcc4f1970681c48ba5749233d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9a0bbf60c4ea56efeaa1f5770025a123

SHA1
b225a1421378e4205dee7ff4d06f1c1ff2618ce9

SHA256
219fa3f5b3925692fff2783b5134c83ef4b3204187d3ffc65b672202dc602322

SHA512
986b2cc03793ec4f922778b7d38e05ebac5634a8d8fce845ae1705f3dc6b5bb7fec676869104a4ebaea29513465a14c3eca891e91f2aac0e6d36c1c3e442af73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dcab4ceb407f895129a67f3bfa630783

SHA1
a7a5c06f85d5d8271e0c163bbb9758c1b1324dc9

SHA256
877bd9550495b6a75c26b755a3760fd6389f92b8f6fa0877fbe7882f9a0e1e8d

SHA512
38b6902bf1e6db9226dbf43bcf92566d3ddd9a135192a0f0a16ddf129ebdca9a49931f1f3b5a2809dd894b2e29708f997d952a19ea546f48ae414e4552f91b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a5b0fc6eeef151657d3f3df2bc8c0587

SHA1
499fbf9d0bc65673a24e2c1c58a9a87062b60c9e

SHA256
f563ec269e38ab6b96e967950b4c4d732261dd5c0c26204e86aac0591313124e

SHA512
faadab6f6cd3aae1076e0ef436597d3fb21e6b16337741c5e500172fea5cc9bf9d322fc9ce18b8693ac624de8b7ad5a8b902df103e585d5137f3c839389ed765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7ac8fd4cdb228ff455e1523c87509dc8

SHA1
57bc1270f4467f6172a0af16b5d1994e5437efcd

SHA256
bd69e87a8b357e3a95749a7f8ba9a741c662db4d13d4e4167b897eeffc259465

SHA512
1a1973b983a3b39e28a093251bf286756f778fad194b3ff2237ad1e478afce34d9190946f2925f855b44ab9ccb6d51fbf9cdac71ebee701c03aa75e87c0d85aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
79f8800cd4c241fbabf3d20e2d7c6d91

SHA1
6b49bad5638aaffa7fdd69b1e433a5236db6a3f5

SHA256
2908b12c004eddb08c109406d279156ad64ca6b4af9fb494143aac4fccd1581f

SHA512
9fcb4e39ff06a335c7d0f63edc9c28393ef623b858a40ad34fcfda0f3bf158b881d38f37f842fe0395684ecca3c1fe7a1d25eb648cdfc9641af8eed784f7e0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c7e58edf86553eb82a3819f787ac7c09

SHA1
79b8dd8e0c756bb2bc26b3187c94d062d8677ad2

SHA256
7fece2fe84019f79c5aced3e4f9af95db5ab9236d1e2b86f137965693ce1faf1

SHA512
b2655e6c92bada51fedae34635a9d3e91ad34f8346f80d6938566e2e5b67fc64042d9ef840af8ae05c92158b798b9e1e6d5ff16aa679129271e38b77b8789a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
070229ea7861104448f7548f35bdf54e

SHA1
2b2088d6e8ad85d06af3588fc19a42439ff271c4

SHA256
3ac9bab37d4b51b3351ec673d79ca770648c4132ac3862490bf3ed271c321371

SHA512
2bdc98039edaaa2ea6ab56e099b929b4c6b5b1d62dfe776dc6531ee84483028aca47272684973e7d84d05235d408bd9e1d3c7d718f7cd1a7b60d9109f910d888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
ee965c6441a15987befc744b9e96575c

SHA1
7e0f2970405b1833d73e1e456428023979eeeb4e

SHA256
24db2947431d6452dda344583a373faa7dc3ad76f01d707b3823b36c2b4760a0

SHA512
1fcfe6e0e368416860735dbf6d4691ebb14872e665fdde19b00cbbda9c87f3e2a1aed2aa136375b3c82cee2ce481752185ac9b19b7b98572f73be98eed90e945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe577fde.TMP

Filesize
101KB

MD5
eede8b9bcc825d952e9d1b209b4af7fa

SHA1
dc6bc92695ce02eb36baaede5035894fcac44e66

SHA256
7f09bcd6a51bb0dab4691cd7b7a3f508e048f4108b1a365c6cdf29f571184e2d

SHA512
fc628298b682e666365749db96ff9338844789d9fd8b304bf4cd1351eaff85f75658f25e9e08c478ff3aeb25d8e197d3c86d4b6939fedd416c500a92fa76fab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit