hxxps://ccxperience[.]com/caja_arequipa_v4

Resubmissions

10/07/2023, 22:03

230710-1ys1eaeg7y 1

10/07/2023, 22:02

230710-1x6vwaeg7x 1

Analysis

max time kernel
129s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2023, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ccxperience.com/caja_arequipa_v4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133335002569113609"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
3700	chrome.exe
3700	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 1100	5084	chrome.exe	51
PID 5084 wrote to memory of 1100	5084	chrome.exe	51
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 3384	5084	chrome.exe	87
PID 5084 wrote to memory of 1532	5084	chrome.exe	89
PID 5084 wrote to memory of 1532	5084	chrome.exe	89
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88
PID 5084 wrote to memory of 1216	5084	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ccxperience.com/caja_arequipa_v4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa743e9758,0x7ffa743e9768,0x7ffa743e9778
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 --field-trial-handle=1732,i,2028829172296971107,3720921679567475132,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
ecf13d90a0d158990e64da39c0bb0ed0

SHA1
41f54ba8615ff8794f0dba6d0ea3aeb43bbe06e3

SHA256
a20ca711d199e4c2bec9ca17d388389d328645fecaa0951160647306ec16ed93

SHA512
2c55028deb21acf846f2288ed83bddfbe1339ada4bfd0c5b934a537883d6f83856f9d96503441e68b0b59bd17ea6279abe365f85fd66601a8deacea6d038d76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ea9630f54c3ee98b0502ad964ae761a9

SHA1
3492a5ec73845c0623e239766a12ae875788c3ac

SHA256
12a72c8584a888f0fa8e5ad5cdb2e68e748bca7a5039b7b488cf64b18012a8d7

SHA512
13771f7508e310d38cd031b814c98cbccd17bb40b32b69473051ff7de16baf6102d329f35a3ccc483a291339a15d41e95aaae3f429b2ea3acf78865d14d799da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fce990012f84490c2998886298ff61ab

SHA1
3e111d021b20e79d40923dc62970d06cb986938e

SHA256
fc820236e63200eec743de0d1e37cd19a251556dec640bdd59b2671a13bc3842

SHA512
fbeaf35d4df0456d8dc91ffd2b27a29e27cfc5b086c48d0437d7519cc26a21cd9331beecb1cecd2733ec98ece6fefc7037ed0327ad79096293f73fe387943cce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
72980a6814f6eced2d3f5a99f2e93a6a

SHA1
da5434f48d0a8cba3fef3427febf9258fe1d65e0

SHA256
51af3e431e14037e1bacf35085c0e0b1f85b50be70a94edde1d93a08c1594d84

SHA512
f7eb065c1c95dc7e973fb327c3a5fc484e673a40a8459377b360ea33887a72ebe0d37f001393b4b9560f9057963febc9493c0046daad4c736b237b6a1c412372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c1d5e42d93d0d19aeb427be023578665

SHA1
881b4b1e16950190327f88dbf503c5bc26d51b7e

SHA256
7053674c60c62531240c72d07463b0007bad87f3f05b6b35614b68b016458e43

SHA512
088439c298fd6dd4ba47ed68bebd4aad336aa4c843e0ffc34c37c837abeaa9fca0386d2bca24ab91251f1b2975e5007ef187b4248751c0af2761182cf15a4e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
a2b71624eb0dcf4502a50a8757338c2d

SHA1
bad843b5d8f496fe920cf46dab89805bcee4e5fe

SHA256
c65bdeafaed06d67c36fb0fdac8ce1b6bfdaba92d4bd7fecd70e6db31a65ffe4

SHA512
ddaf36b222dfb909bf339edc3a2fa2d96b9c15362d29cfefca574baaf4692a1798eb375b94666a73e4b1c0338695e6e720cd002568a0ea33c540c32a5c1ab563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
847b71fdd43f1436edc58166dba41f81

SHA1
a4abb0c5d9446331e93f3405734717a78e98602f

SHA256
dc746494b799b134934cf2849c5c19429e1c52cee0388bfcec36676281d2e8c7

SHA512
5ff8099b6189505db432b0b079f4d7f5de3736c32efde3160d9dc93b6f9ac0dd3dbe05fabe84b182b0d5faafa8e047cdb2638883aa68c6e8fcdefda7dbf121e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1a2b096abdce8f2ee951ead2859dfb91

SHA1
1ebd81c558061e575d9132fda72504bb622359a3

SHA256
510760ed81c648203d1a3a914ebc71f8b5edb3eea328fb94be79f713fa941ec6

SHA512
811ed1cbcc59f4e742e9cb738214737e15f5adf1a8560270be82f3316078b52f2d696e0c4c0c01b2ef381a56acc2b865c423d1e7ad2c3b5ce8597611d2adfc33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0327f0d161284b87ab2deb0f3a7c73a

SHA1
9f3eb7d9ba5d08a2d660f1e0dcfc337fffc3fa24

SHA256
86af74bc23dc4bfe1a379fbfae8f590a9e6032ed9c3aeded2fb15ed47455c1bb

SHA512
657ad07922e4e024ab758342eb6ff11be23acaa93d1a376530835d3dd485624bdfc7fe8c58c061e914d0cec97ca37659126b0f4208b9ed8c1068eaa7792e313a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aedb2657042e6c6bddb047cb1bf13e5c

SHA1
2aeb245e2116ecd9306d8697605cb008d09fa13b

SHA256
bb9c05e8069baf60f3084cf10ae04df2715af5ed87fdfb700ffb87968750b2f4

SHA512
570f36412202437fdc8c2ef5f5abc6a1694f0016b886648c0df70fcfda81b105399d0be5e01562613a21b17b4ba963482a22fd49f511f11310b92c3f9a13abb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6bbd61177c8740e0f671d7a987f79599

SHA1
c5c1ed11737dddd096901b029c4882bcacd4b3a1

SHA256
34e51359cb6f421c6a73d6db42d27c26de7cafc056570f24e38c236f96e48bbe

SHA512
c54c6f7f858befa1889eb2b2b680bc98ed67832e8720350da9002690beddd92b2a24bc852f0c9eec2cf7c041d9553c0b7d5ffcbdd6e2a789e200db3a86fb942f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
e44b047ee6a5b67c4dc1310313696ee2

SHA1
1fb056f3ada43a58b08c38c605ba4d9d2ad61c1c

SHA256
3b0e15329b7518eb8b325b0a6fab0a9bd857044cf74bb1a8eb6a3d26c024c0ae

SHA512
bbc149ffd2cfb9cb12533a291935734452db42b6d726b8fe7ffa2fb5cf5f185bb18455070711c74d96f53532e15229258008fec0f4be38c3d1e6538c92d582a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
8cc2f0baa9b08555bcce8a5b0ab8d6ae

SHA1
970feabf9265824e7b67504b7943fdfccac7b2e5

SHA256
aa5a0387adf1d7f5fc90c942d777fa54659a73a001c024286cd18677a20d0cbd

SHA512
c6e600101557f8aa6497e61e21931f1a181d0f5bf8d364a5e282a35c5cb90f9316d3d6e4c949cb4a67eb7bf8e0def52fa93bca2c3b74a8ec11ec85f9f8c8dae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ed9c.TMP

Filesize
97KB

MD5
9dfbd60cae06f786e93d1d83de95be9c

SHA1
4c1157e7028476168064507cb018007d1fefa533

SHA256
d92e9f54ad7a60debfd26190bc4b20114885cfadee6268f35b027edc54a2d87d

SHA512
910f300800fd51f81e0c6c993707afa6f093a8c60c0bf4bd09f488622f258a252c2fd35a3d9343e3338e32805da3d414397aa8e298b3aa5098decb22970ef03c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f1d36195-38bc-4346-8963-2ed5fa16d522.tmp

Filesize
172KB

MD5
a2caf364af90437fa0de66c245d0037b

SHA1
bef6e7f8839c3e7c0b9246239099ad9cd6496124

SHA256
a0815cc2d43837e8785a3f5a9983d08a200fb7fa847f715fe094e33370af9584

SHA512
43e589fb9af7c289f539adfcabdaeb40973e934695cdf1850e9c75042505f1a35a5a35e9be9d68cfe7220f02246869ebe247bd1988699dd711e10b173adb2c77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit