hxxps://m[.]filecoinus[.]com/

Resubmissions

26/04/2023, 15:03

230426-sfc78sbh9x 1

25/04/2023, 21:58

230425-1vx5ysfa5y 6

25/04/2023, 16:00

230425-tfx33sbc92 1

25/04/2023, 15:35

230425-s1mx6sbb53 1

Analysis

max time kernel
610s
max time network
612s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2023, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://m.filecoinus.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133269177791779653"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 1544	4332	chrome.exe	85
PID 4332 wrote to memory of 1544	4332	chrome.exe	85
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3484	4332	chrome.exe	86
PID 4332 wrote to memory of 3064	4332	chrome.exe	87
PID 4332 wrote to memory of 3064	4332	chrome.exe	87
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88
PID 4332 wrote to memory of 3356	4332	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://m.filecoinus.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc837f9758,0x7ffc837f9768,0x7ffc837f9778
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1256 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:1
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5308 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3668 --field-trial-handle=1800,i,6255042336086352273,7298688525433278146,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
665bc9e3327e282efa16e073cac1593f

SHA1
42581f84f7ef0ea1646937cd13801efa686bd56f

SHA256
38e305db92f697e9a3cef00800cd47b2c190c53f2c12de7d83c07da5d70063bf

SHA512
0e232cc652e476e776638f3e99fc80e399823274920a14b549c745b3f081abe6f4f83be1616d572551ad6d89bd721aff294314dcd292855928b1cbfaf71e7e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
976cbb7ebaad04863e485dd06f51f4dc

SHA1
883a11aba733dd37423ffe7ce38b31517c08ead8

SHA256
0310af4eb0f7db7efead40bc3c5872915e1fe52856794482402a216947f295a9

SHA512
de61a2525e689c96fbbe5386cfcc83c76ea13b0bf97dfe4fd5bc066f6fb111fb7069fd425483a8fb6792f67460c208e836e3475ea3fab4759e80b3bb7e6259e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6a057261f7f7257c87d4ad3d986df49a

SHA1
2e59b0f4e6f433ebe1fdefdcf398229a54e730b6

SHA256
283a7bc3d912327751b26d7e307f72c28c037b9e9b184f51601d22742e0fc313

SHA512
6f4f301105c06061d59f75a6c328dc9dd0b1ef1f7e61c78913699ad68260ebb6de31cbe2e2b4962abbe9503d8d7b3e0567dee881545725eb89ac2bfcb5233e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8ba7cb49078786cb4d5b83d08ac0972

SHA1
0efe97f8fef8ac51b42555e1e134212fcfe66b0b

SHA256
5c7b9e0bca0bdb50cdac10014e8e8eb8177d1976455403c263824b054ecd2a6f

SHA512
fea78c897cc5c52e443acb7e28f50840533aa212dbffc993b373a378a0df1834486759cc9df548baba5b13dea43403acdb8ad98730d7e309b5521c539afa90d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
c3b36b6005ec68ad1385a12d49173cda

SHA1
474637db2b50813c4b787d4a0bd900f4e166675e

SHA256
403b81f88ae71661da90d697858062fff84bf32fd071829336ee63f7b3cb2af0

SHA512
76e27d5a70556ff685ef35926f3cf7742012c890b7d1aad68a24fae7a5d71c0c6bb49a851ef2cb63c6c2e2b75e2c2a605e104c65a330e4c34b56e7ef2cae135c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
591a68e80a406dc7d40f077c89840c4f

SHA1
2b2c40786f0a7a44558144244ce48644789edc4a

SHA256
63111799d45fc791c28da4e3390440c386b5a1007809797e8087352b66e003d2

SHA512
1a5df6f4afb4887cc0d7a6d14875112cc80783e9c4f3085ad9843f8139994be0817eb773bc6bcf0ff665f4e391eab26180605385c59bb06a2a7969acf689311f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
0bf27f3bfd4366b8ad2e38da7086c879

SHA1
ad2b1df052a437c8d89a94051c3dae387fba9d1a

SHA256
d9601b5185f7ca1977b2ba13adc7b63d5c72be760a200b7fdf273abc19ea9e5c

SHA512
4c2f266376415ce2317a0c2be64defc11392392366d6c1e0a995acfe3a31a10b016ef9134c1b5617eccf61ec9bf72433952e4a4e19d278e348884fd64b73bcf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
d59871dde61c3d17df1ff7f6fbc054a9

SHA1
e820bf6dde7d3de2df074034c60b764fde4d8e11

SHA256
d1e7871fda7c5aa639f2f70452921f915d6b482ba377944726a8cd6df7ea06c9

SHA512
81d3d76029a413da3484d1380c478f7a5ddc09a4d4fbfd000ee049588bb7662c92eed5b5bf64530ad7de93772aa027a77d30b064ee6df0fd0da61e6d3a4afaae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3eba060fe1e198a192ba50c5d1ec56de

SHA1
84e4a28b8fc2ec9f6c75f82e61e1ce8147298027

SHA256
2895b3dc32ef054bddc975385051295920a69760296ca55ef18e997d9dbf7c09

SHA512
43c8a5773078efe634a53fa1a466a66129a9166662cceb938f4851c6e0109f7966a2c749a656f8d7c82da17a18e19119df440f838008a2940e438923e81077f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3ba0148f9f6feb2095f1caf8b04a4e14

SHA1
5dbd4d5cf74e69c9b42947c71bfaa6662a50572b

SHA256
8218f976050318d7c4b545f5a9f0e923a86057f987daf2c325fd444258d9cd5a

SHA512
fc6bacb0f39f789cb4e118edbf95f7693ed216edb2b1278204be81c8cd1308b9973cc8a5b01168cea052b9b6642c899cf40bc208faa0f33ddf79a4860d516584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
730dd012caaacc483a01191aa6c570fe

SHA1
e9dbf54497bf1e26b9269235e562393fbfba353e

SHA256
fa698dae1a60ad41a611e35113d1ae0795be0a614a75eca1e3e3d4594f373ec6

SHA512
120b76622c36ea38d5c1d48e6665439ff793993208af79a0c4bccabd896302ad89a8d41a1036271714159d51f77f2de848b01ba27f783dea2436497eb19e7a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd2209f2c439f4d658602b0c973f0fd8

SHA1
a408f755607737ac4abc8079f685ddb5a8941f06

SHA256
5a12a724530df85402ed8c1fb7830c2d2c9a2f629f1e506a5cb89e5f41a5a60f

SHA512
3e1f390fd3351f861710d9816b776e2471289803d6f6cc057734128a322e61316c3fd767c4e20a43d07ee07195b95f2ece3c52e33166f5d5412f51f9bf6fa581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
174ebb0b4c2c0808c132e53c3f428722

SHA1
fd3965ab562145b87591d4e5ad9864a5a96e80b9

SHA256
8c9db125f051d2297edd84792716fb6e7bca98a5ded8f19ddfc10a691c690e03

SHA512
0d557c1b0f32ba088f0b5f6d6417134f624b8ed8e87d1a37d28eda93cb769ea4346dfc1514d2103535a5d7d9038ebc7a40418cc8bb5621b3e71de67f376ed780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6543b569789399685728af805c18c941

SHA1
2d5eeb2057ec5736d1e856aad50c649cb291b082

SHA256
333f065295d916f0cc3c8f31d8c7a8c4c06f3f263c987c44f334b9862c238f71

SHA512
d014e967eb54127682984499b5dbeb119bbebbbe8fa63287c7079f8aff6fa02fce36dee26f652b2a2f7c89b56de5809d590abeffe1b64b694906b6d59f2c12a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a6c729bf-5221-44c3-9f58-12282168276e.tmp

Filesize
6KB

MD5
cd9bccd161f688c41d58e3215d881e07

SHA1
35f4693e7e01e31de1e8759917ee83768f72b89a

SHA256
3140cb799c472289cf43f6de42b3fd1e71f8ae8a8b3a5eaa19413a762dcb476f

SHA512
aa396f59bb4201a4e4f6bae7d02d88908e5b9ce78600cdb48773791670979fc22ea884ec16b718362507a95fcf1a34faa54252be4b956e0fa497e7393d6dcc4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
ddbde2b068099b6e600c0c008439de38

SHA1
163622edc50237d688825c13fd7d6612c14f31a9

SHA256
c1faeb64a6f96b5b6d91d5887e9313aa924f7e8777978574baef619d92971061

SHA512
80f8a436c62a018a98012a278b247920b6606fea8f4d30431d5019b672a2323e03303e4611bbf5105f127bd1deb45a7e008ca9efc5034228838cba79e38ad36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
0a502b05e125f2979ae16d4cb084c0ab

SHA1
22ddfbf5b1e78883d055175144d10a02afec2ce8

SHA256
f2805fdbf4f56c929ad15f3dee83d2d237a8955a22ec26225eaf07131f9ac263

SHA512
90d6c0e769621532ad14210323fb5745effb421c60289ce1ebbf48f175d03d228194f5ea1bffc71c9f0f58d74552942a7970b501e69580d566dda9dfdb4f8c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572f3e.TMP

Filesize
101KB

MD5
411fa37d56d7c0ccfc2698d15534006c

SHA1
52d5f7ba9d9d020bc48709f4df7050e741b3cc8a

SHA256
7dcf4ef6440ed17d7feebbd532dcd36ea8881b48ac206b0608ae0b4011d1d008

SHA512
ad9bcb674ce30c72e07164313b2f835b105c42c106a72fe08d62fd9b082df6e76d804b215db07b3e9445d99e86257219930af9a67e6ee814cf4bf7aeae659731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit