hxxps://KOSryMDs[.]nsaproducoes[.]com[.]br/dshjdsfhjds/Y2hhcmxlcy5kYXZpc0BzdW5keW5lLmNvbQ==

Analysis

max time kernel
300s
max time network
269s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://KOSryMDs.nsaproducoes.com.br/dshjdsfhjds/Y2hhcmxlcy5kYXZpc0BzdW5keW5lLmNvbQ==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133444456906344427"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
1816	chrome.exe
1816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 2188	3768	chrome.exe	46
PID 3768 wrote to memory of 2188	3768	chrome.exe	46
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4316	3768	chrome.exe	87
PID 3768 wrote to memory of 4100	3768	chrome.exe	88
PID 3768 wrote to memory of 4100	3768	chrome.exe	88
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89
PID 3768 wrote to memory of 2768	3768	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://KOSryMDs.nsaproducoes.com.br/dshjdsfhjds/Y2hhcmxlcy5kYXZpc0BzdW5keW5lLmNvbQ==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffae919758,0x7fffae919768,0x7fffae919778
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:2
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5052 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4964 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5568 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2764 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 --field-trial-handle=1952,i,932422402412802366,13639641835510060556,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5e3fddd89e9ca85a6817d8a684d7816e

SHA1
2ad860e4e27725099c78bce3619c22351eaba18e

SHA256
9c682e074bee50593d0a6ff1b4e093327c96fb7c0e5f68dbd3120f380648ca41

SHA512
ed616b5ceccef9140de4dbe8bead756663d6dcff4029d85075cdc5cefc3b6115b92493a5885e453adee3ec6f2f2479f5d92279367e303b83f55d20b356d6e35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
13722bd3966a11b2935ca5123978ed02

SHA1
dbe45c09a58307f5f8a07d255817327812b44844

SHA256
6a0c54a0d459d446c1f763322c9b2f768547ab0fc1b45d0643930d26775f9729

SHA512
d8caeb46f33303ad6c4a58effb95e8c7f5d83659884e144deb394ec20a6ca0acb36b6740b120afc58c71d313b7592ebf56cd48cb4b1cb9cd77c3cf300fa6878a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
03f0cb1f88767cf0d3343039cc7cdc25

SHA1
56b7e85fe8aee4ec461343e5b88f39653afaf7a1

SHA256
b53fc86545e70579f76f1bf658d07011d2be616673d85bbdc2c95f1ac0fd9126

SHA512
560919d24ef4382c15445c2c2ed85353ed4408642737fad8d3a119a8ae75ac56d963dc67224b2d01648508ed06555dec25df71ea0f7c6091a025772c4333f0f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
576ed007ee1dca9cf967d702785faeaa

SHA1
fd857c2ed4b3ba686f7f8c3b20bfd45d0fadacbc

SHA256
a0e2ff569956f0f31626675d06e75f292f3ad2b91ff4ef28b798debadecb171f

SHA512
a382cea4b52abf339f7abbed1a97914131211f8c08de9989745987f6eb9bbdaa60f016a3f9e21b4a8a37125a03f0af3b20de38d17fe46c17c0b8860a87621c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d4dcc844af9d6db943021d48708b0b05

SHA1
9d48715094fa02ae1c6486424b0424ef2eb82847

SHA256
c130a5e4d4d83e3e7251b2e3ac580d86a2f2370e18a7e55a502b7c77f327b3cf

SHA512
71cbf3608f7a731a59dab0cddc5a165b3385f7ee157deef91ae6023ba729ea9177ed68d1af62cc4a4de6ec063e3d8f438d6c2267cfe3424ba9a737230ea2ce8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2162cafdf06666c71b1b2bdc8c3ed4e2

SHA1
bb44359066319639967f4d0b7829106692156cfb

SHA256
5949912dd8df6e4e2d7514a5988aa333a274967655bf519df8e00961e6e5fe76

SHA512
074b6c9258d1e37167eb994efed4c54d2978f09ddd12efa129992687bf8923be522dd98ea36b1fe6a50ca61dd13747ef61fba714470e947dedd1dcc3b5d819e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
42d11892f0461fd64e7b3116111a47d1

SHA1
684c930f8458ab6033ed6f2da1ee5f24ef55f5e0

SHA256
283db200fa2da8843a5b92c55b275f1e8f8153137bf386fe1b8cddb0b49d5ad6

SHA512
7806f00fe6ffa0b9067580404ad9f8f87a78656302eff8f5b4581de89d347dbf104e0dfd7eb067e2c9f5884785f5f0b4b352006242a046a07dedd8a3c47753a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
b1891fba5eb872682adc308afc658387

SHA1
d66c698605e80de8dd5fd7ebdef09343b3bc072b

SHA256
45874d1f607b6dca59ba017b76a881210f3d397eb8afddf8b40f7de2e2c7200b

SHA512
b782b7deabfdd7f43c9e36cc01168fcfd9bf946f952a298b5049502a608eec29170df91664f5a85cdb0866cd2e45192c9fb5d4099c32c5102207881b88b8cdb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
c666534a98aae15c7eb04e2a8ee29f84

SHA1
fce869d6cfda7eaa85db36915a4916f383cb3fa5

SHA256
74233ce757f91c149c0b0cf46623543d7e1ff68a4c2e8e3ead73ac8968699abc

SHA512
69f027bca76e87e63708c49eda3d72da59ccf19a29f8d58da6548e116a6d618d76815422c6dce40cf7aff70a7386cd76079f1fbd433ba765f82c0231001c2c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
f180d16788510ded1c55d3c5353ccc82

SHA1
348029dfe36f0d8efd21d6973f62da32d169e556

SHA256
66bf525a9d175f703d00cb3a9ffd01fa658069bf503ab6a94b5df193ce3b79ca

SHA512
df7aeeb4ac8de462a8187c8f90a2714063eaf88975d893acee739af840bd6f5aee7ead593686315b590f92a91656d9644460bc8b3048af58685d551c66a645ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe594992.TMP

Filesize
97KB

MD5
a1dbea4b5df716504f72b04fa2c78a63

SHA1
b7e61fce8679cbfd9b874daf91af3757a1cd5fdb

SHA256
cb16036832209cffb0626ee04aea21b1c29d461c0a5e1207af36dc3bab2f1627

SHA512
81dc0dcc8b4a7806471b3b681dc57b1c5f09b99b61e9c394c1d45af7aaef971bdb16afc85175867f84c088b410de7d509ed56276e81741363b1b209fa841e6fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit