hxxp://www[.]gesdoc[.]campofrio[.]es/campofrio/training2023/?training=32f9cb2398c51e177b17febf9dc853ccf56df0779fa534a2b48312969293b5ca

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2023, 07:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.gesdoc.campofrio.es/campofrio/training2023/?training=32f9cb2398c51e177b17febf9dc853ccf56df0779fa534a2b48312969293b5ca

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133331881486324828"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3412	chrome.exe
3412	chrome.exe
3284	chrome.exe
3284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe
Token: SeShutdownPrivilege	3412	chrome.exe
Token: SeCreatePagefilePrivilege	3412	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe
3412	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 4152	3412	chrome.exe	60
PID 3412 wrote to memory of 4152	3412	chrome.exe	60
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 896	3412	chrome.exe	89
PID 3412 wrote to memory of 4784	3412	chrome.exe	90
PID 3412 wrote to memory of 4784	3412	chrome.exe	90
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91
PID 3412 wrote to memory of 3028	3412	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.gesdoc.campofrio.es/campofrio/training2023/?training=32f9cb2398c51e177b17febf9dc853ccf56df0779fa534a2b48312969293b5ca
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff03b69758,0x7fff03b69768,0x7fff03b69778
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:2
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2124 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3012 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2132 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4572 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2792 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4816 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3064 --field-trial-handle=1812,i,15209245937596260731,4273041544407132081,131072 /prefetch:1
  2⤵
  PID:2044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3764

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\24e70ed5-689f-4143-8871-48722a367a56.tmp

Filesize
102KB

MD5
d5b0a720ca31c1fad228a976cf21ac65

SHA1
d7dfac95f057c5dcbccab87d0ccc0127fb2a80e0

SHA256
281217701d325610eda4cd94327ebee9f0fcd1b38c7ef430f109ed44e64902cc

SHA512
c98994e3684072c123df51e4a97237416c64ba138bb8186a895062344164110f798bcf0bc4adb166bd543c749e9005dab4f71fa1b1299167901d11721b40d29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
120B

MD5
2986d03c623562fdb188659e8658df37

SHA1
e707b63ce0bfe0213ae35ff6692b7071eb316225

SHA256
cff0c4d609c4aaaa2645e2c0c99ec0efe9ed06a38e676cd3edde3ef0c56ea7d3

SHA512
59d4e74ef7c8ab66285610d77bc9b9729d105b148bd54bbcc166535a9181c69d96bd8a0254081b909736ab49ad19e77463c18e8477ee503b784b184dcc99a2b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2327114c006d02255f73a3cf6822b33d

SHA1
f99dcbb5943797670554351a658c62528a80db03

SHA256
2aa1d1b9d2b42b1688b5d9b25f50cc1946abcb8f7476d26c84fe355c53488067

SHA512
334b578359836ab45a76deb1826ec7c9943faa6b324242e477435e3fcb0e46f68c6015fb18ac4d4500d354c969174bd5eafa34c7330543a9821e7403fe27112a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
71869c2d9597a201896aeddf44284886

SHA1
4718935a3622148bdcfca1443232530e9cc3adbc

SHA256
46824acaa4fe08c4daae790e7fe72caf8acf98de08f90d56e2562c2a6a8c4449

SHA512
3deb695659d3f6047f48b95ba3033d22f9eeae8fc11d279c90c3b0bd334077b165d5dbea0bed6b5cd248482b5242a04d0884be2c11f705576d9e6c58859f6986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ad301064918ef08c3c1b338385b9ae64

SHA1
91fc9b0d73bbbde1ac1d528f1e4599f24e94f149

SHA256
a2c340f9c33555bafba53196a648be1e82031b05604d382dbc39eb5cc0cb84ea

SHA512
89b71011ce9b762d68d7fdb185c1bb690dd8452c9110c059c9fcd502ab8a01f7f35c2cf5247116e863b4a928acd99f30a621f52a862dc15ec502da891fd663c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d503e786acde1873645275d5ec3ff33f

SHA1
2139e5d259226e1aefd3fc9a9e531621db245d18

SHA256
8ef3c5a26dc4054551f283c08fbc965a3a920225985bc260794728e0f43ac06d

SHA512
bfefa51b11830e011d093984e9991b11445b37a9183797613fb9401029ce4732b1c023f5406fa8c691908bb8171a10f77a7b0466acd0656f8e3e7a67e64b6564

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e396b29bd01a7a41308a6b59aab5674d

SHA1
0e3f40899c9ba7248920899b5903e5af60dad598

SHA256
5fa532d30c5fcad667523209c01349b4ea74c30660b87ef5d14042ac586a8f4a

SHA512
c24fec2a5ea46b93a9d0dac98982efcceec9257b31cecf9bf619dd7ddff502dc7a3fc1c14976d3cb7b3ab6d2ea04cd0490e774682c713dd0a54a859662d83779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
61d47c9d09787332d8f53960e16c1bec

SHA1
f6fc9422977f68e6b76f32b5232e7ee8ae734c87

SHA256
540995bf822aab059fed5d73863e77e3e91b7682f93d5503256ae43ce77f7145

SHA512
1c6022a2d827eb9320048cd281f16b43dac47732b2d9d119dd29e98f79cdc77f466dfe0db9e1e77e89193a2ef6a04a7309351574a92af3f84ad4aa5609cdb534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
73af4ee8a434e4dada3640b94816fb03

SHA1
196a678ce29676ce9aa09abf3210a840ac84539d

SHA256
5ff83fb6075cdde4061cac72ed406d5fce553fc3f8331e1de7cceea51c742d3d

SHA512
3cf910f1b2608d3824b424c177d724296b8b26f50b2a690c9a587e01aeb8a8ef3930723f0947baca99d8a20a952d9c5ecb80c26f0a5183c9e5a37c000fa65111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ba77db787ff694c3a9e83ad4ab47b0c2

SHA1
f8461c3fbf39e381c276b1ba5908b987afe5b1bf

SHA256
adebceffcc4a3dd741823bcf36fd619c7240321bc6a0894f4b4a8bbfeb4cb6d4

SHA512
f1ca354b1d09a6b2ff6c16865f83e8d90320300a3bc4fbb4d36c4cc0479982e99620aeed33931669f6b16466693ddb86b386856267bfe50f89c76c7c368fcd5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e7ffcb6a61d3da7e8fea093620a79145

SHA1
be6cf6f9bc4783e675ce7f5754c85dde5e991c6b

SHA256
0b779f866898c3009e36f5921398f5e2661ed48f7089f1bdac850c6c56301365

SHA512
0128b667df04f9748a5073794f4c27d08e9f87d7f542c12601b01d0837255454eaa9bbbec5f825d98ddce9d92793ba4d611b60617ee9cf5c73b8e42b501819e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2786e685155ccff6dd787c4fa4ffd3ad

SHA1
0293ae03adf0e51f35198f81c5c0c28ff03d0954

SHA256
79521885f7021b36d9157f680f92de3c91dbcd7f11495d8c3879b138572aba29

SHA512
92069b4ad831420eddedc6aea170ca5b7d3e59cd8bacc10259b899b3582791b304de498d7300eea804d3b90db47d73161c534849052c61d26e32f69c086235c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
121bf92bb390d58f869891412bfe30b5

SHA1
3c70d7751803217ec32dee1ee94fe969c37e9b45

SHA256
3573d978541fbb811073ac009cc2dfe0a82ba4b1aca32762626141d6ef47aa15

SHA512
762b81f70330aa2e8d0f42d4d29ea77018d83b26f2e72f5cf354d886de05479a42819ff3e0eb80d62ac25c544dd38279cb08b8a6fec91a5116a45aa19c2e1d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
410ccb394f7cbedadbe1b0dabbcedd2a

SHA1
291f20e31754d89af97e3a180117a5f8c9a65c4b

SHA256
50a164411657555a3720e5a462551afc7a0f25ab62cb5952658178b22dd50cc6

SHA512
96c6510f472a995c6bea287b47c98107bb0f4b1857e7512787193900c3f15d256e924af6a72d87d2f7b6abd351881228478a077df20bc45ea7c1955eb72a1a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
253109a6988e1eb431d3320d354579d3

SHA1
d11e3882da1d8d10b7d6eb9837b082761264c77f

SHA256
097cef756743186f211da0717eb308c955c053bf2fe0574a2b71b05ae2a63119

SHA512
f1348f3396db705115383a33bc47c5e73b2ca3895a2cbae63081a2a0e64a8bec499c31ba5da1ad0df108f68bd285cc95f3a7b4ff6580c44fdda30386338a7ef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cdde8d4ab278856a8161df9d5dd8797f

SHA1
405c02075b53cf23804b662e355d5804036a1c91

SHA256
cbef2061a3bca2f71ec8f47aa2afe277debb2c89a27788bd0f8107dd6ff26ab4

SHA512
ab793cb9f37cd30ce68e22fd65908adfef8a8e4c9f8aabdca6ab2a09f93d3cedb42967d377da275567d4071fdfb22d4b001e26e8f653d7c06fc3e4a05c2bbc57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f58c4422b55dd32e68a931abc0170754

SHA1
627918fb43f35cba49ed1271b2fa811e11c9f863

SHA256
f48f0bdaa218a2f363ece6d15d638d1f593d972819f6f27532702cd7c046796a

SHA512
8b81cccc63d70fecc244e3368616a3a8feab4f7b1897ba23f1eb9f866a7abe61de0a58b5b1d5f1bab5f7fa0b97b17e4dd5300427ea14003da658221f293e1888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
60d96e41fdcb593aaec3c19f7a98e4a6

SHA1
c6918817cd94399ecd1ecab04b4167b85b5c345a

SHA256
3ca19373ea37b76e44493b6166fe8e45a54b59670084d6c6d96c97b3f1e8c95b

SHA512
750ecc7cd717559ffa4c37f8b20942fc0975958e6c1899b1c80d10f8fcfa5eb72dbe3da7f6fa41337d3be1b3fc7557ea539e4bca3549c284f2ba2d534b3c794b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
30e5b8142880d8d397e07aab9b7ab32c

SHA1
bafff911df72b2ef8e2f84da74bd3a7ab0a3c214

SHA256
74a7fc32f1e1b5d7f496e2c40a8a7ca6b30ab8fca4192580c6c73a298cbab1cc

SHA512
0a0395a1fb8df99df2c257ecd359e13ca4d542b8830c3a7a27e7b7246f54b36becb51c8095871b65326419e0ef172377a3e8e5e6189fd1c21e76cf64a2f9a91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
c99ad2cd8f3d8c37ad71b89256a040bb

SHA1
71adb8a80fdb45877484124e36159502f3540c67

SHA256
e465c8c0024d6c85b0e1741d138389fa1713b3f1813b5d1107301530efac2f63

SHA512
cf878fad9d9e162b44074bbe50302f9dad91772635c53e5eaf0e93125ffc17488fc66c54e8eef8bbcdb39ee6c87433f61ace1561ed1f97988d3e140307e5121b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
a3126082e448be643540f4adbbe3b7b0

SHA1
b3ae9dd08b47172bd7c720004234a0f62da524d7

SHA256
be577bb7192d3aac3b0f20dfcb440e19163889d49566941a7cc6575c62aaefbd

SHA512
9704014b8e5e2dd05e8b3f69cb38824cffc265a89e5d3ed2ac1972e33115ac8e32af17a5d0cdaee36f84770ea5fe1c2a42acb2f555c07ecf3b9fc6da249de9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595058.TMP

Filesize
101KB

MD5
881ce3efe0dfc156e8a07924420fbf89

SHA1
7fe9b02e30b344c5a059b9e2903965f7360c6586

SHA256
4fc5592a0d996dcd92938d8bbb1cbf7b5678737b537e999ebbf35de8808e01ef

SHA512
6cf8915a6b4b827608d1916cc435981db57796c0d459b8b6ca2f14a6244789a71a58505336dcde713eeef949e82a9745bcee268653508d590fee70aac7ba312a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit