hxxp://www[.]guardianspain[.]com/

Analysis

max time kernel
158s
max time network
167s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
16/10/2023, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.guardianspain.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133419445203590463"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1084	chrome.exe
1084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 4984	1508	chrome.exe	70
PID 1508 wrote to memory of 4984	1508	chrome.exe	70
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 4816	1508	chrome.exe	72
PID 1508 wrote to memory of 700	1508	chrome.exe	73
PID 1508 wrote to memory of 700	1508	chrome.exe	73
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74
PID 1508 wrote to memory of 3308	1508	chrome.exe	74

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.guardianspain.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff961339758,0x7ff961339768,0x7ff961339778
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:8
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2036 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2684 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2676 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4676 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5104 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3760 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4524 --field-trial-handle=1756,i,7287030402225548048,10788191848497737903,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:816

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x378
1⤵
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
1fa8d0b87f06da16634ac7da8df0d45f

SHA1
232b2582d3d6cfac1ddda22ef15df380d09f3ea4

SHA256
dd0d06842676072febe39fdac4afa11936b27725bb50ef374cd538bdbf9a49cb

SHA512
fa4e8dbf9d87534b344c76a86104f487341240372f1e467c2da1f3a3fb374109f5935cfeeb6ee057817b513c7ead54520ae9a98e6adbae13ef030a81c3ab8e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d81fe84fc6350cfe09ec98a020c8369c

SHA1
9bf1778a5ef02472e1125a490e5278a8332d5f53

SHA256
350ba7e7c96f3f3e99501ca575dbfabf6a535a4c3ab155ad7ba730b9008ecc3a

SHA512
532450eb4e25a3ae07a9ec402caeb8da3fb583fb0aca7fccc5aec5a96764d49425dfd8663b7a3ebd8c488f1b7f53190966bcc0e0d18c7c9c92fa2cd7c16bf192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3bddd9b7657183451b87eaa4bd54a8ba

SHA1
6e4d73dbef56fda263a92f6c935aeb69572119bc

SHA256
995fe45eb2b996563fe75c57d0e6750392b0d0bdab1874a04855a1a5fbe551dd

SHA512
318d1646f04deb5ca9ae86c55717fbb2b181fb45d8012c90e89be43b376216c14b87815a3ed3f0d3d98addba0b89e878854061c6d5cf7e651e16657095d9ec9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e200a638a9f5700acdc9cf1049b4291

SHA1
d84e615d1e98cb4e8e46053e276007f955b0da40

SHA256
31f82cba6ee5ebc1eacb2fe977717f7fb80c23ded25af4c2f8bfb4e3fbe30f65

SHA512
65527676258871e911b121fa8412f34c5379cba3196db96a335f3775fb13f13ec7ca609a8af681b50d6b82f9e95ac43bc0822d6c787847629282e3ed2eaa1ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a76053bc88659d8f17afb94c2d1225c6

SHA1
5e33fcb504a6fd488f531a52b8ea97bfca514831

SHA256
e82958dd4730f2742f440cb81dd1ae5ed22ba3a6bbf73d6af25ed0a2cf79fa52

SHA512
a656fb3d7506e48554e4d0d072c3e170ff33af2634ce8abe1f5eacda15467e78247e2723b719dd3ce9015f42e9ae380b8527dffb247be8c40e40281ec717b6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5962785a012fcc16d5dcf4d94b0410e

SHA1
d6ab27c161b76ff4f93d611dc43efa907ec0b66f

SHA256
330f9678414f9cd2192303fd122791e3ec30384056b7e8a8ca2f74dcf407e71b

SHA512
bb2c527382ab1e996dc4eba8febad2285785c1aecac08d8553329b7a06ff7ab4fef46732b664e5a40aa4d315fab910c0b15cf88c2e613d1303175e1cc7d2bab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
831264a263c6177127c49e208b7de56a

SHA1
a749cf387860e7215c2c4b087c656d5bf98dd977

SHA256
cadc6224bfec969f57ed818a175863f461b2179d0235b3f6acf4cd1b5b14561c

SHA512
9368d9d88428e60d2906edce858fe4098192a4cbcc1dbc8f2e8d6b670e60186e121991710eda87a21ce2fb913cb1b84f91e5e978539be22a57ca00d60025cd44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
625e9d281a2cd74d156db68e779540cf

SHA1
b32c21134944ef01cee96f399ebbdff6e0f7804e

SHA256
6304a8843c07534f637732eeb93d016e0cd6072a740a09df6bf9148299a9c218

SHA512
90a32fbf76a4547d34e30faf35b9930f470d7b26ae8fc527908341a9850ba2aec1aa8cc29cf15a8a1d75f401920a59a4a86da6001d156e6ede99311d1e7d1992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
74B

MD5
73a465dadf426a1816e6124332dbbe2a

SHA1
9016ee293d948b12d364e9eeccf7eec06a1aa032

SHA256
60ebfbe19e0b00485e81b7fa15d8988ac37bc2cdfd734311d3ee4b24f562a8bd

SHA512
e55d2a34a093562bf8cf9d051dcb7b1bdf459a86cdfde578ece91f76ec18f7fd1007db5c93dcd9864fb97dd7d5d7581ec6bbfb0d0e867e04290bf434935725f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe57def6.TMP

Filesize
138B

MD5
91ec60593a64a395f16955468ffb993d

SHA1
6dcc5fbc85f2fb7869f504d1b30b0521cbebf936

SHA256
5adca843e3a6092d8fc9ddc8d21f6fa4ebb530d5909334b426f346529d4b13ee

SHA512
7e226e62b522052ae1982e4baca07839da97ed55b035120cddcf6277f5ef3a1a59ad267ce2e4c8ace86d6dbc089ee41b99e865219ba1c43f7f075420e53aac17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
cb9d75a583796828c0e6881819072b2d

SHA1
65ac2ad597fb0e3b662d73b8750318fdeea6b7b6

SHA256
b0a42cfe672ad5ccab4361a285c2fec581edb74820a788d2f168d8bc658bf3f3

SHA512
e64cfa12873d15dbcfdc3c0ea4489f0119c9a83f9fd5ddde77645c5af1b9b440c6544504832090f48438953806416cef0dc4c52d8199fd84eb5b587e424202a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit