hxxps://pesquisabcb[.]bcb[.]gov[.]br/empsetornaofinanceiro2023

Analysis

max time kernel
110s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 11:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://pesquisabcb.bcb.gov.br/empsetornaofinanceiro2023

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451244481885657"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
116	OpenWith.exe
1496	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 3492	5072	chrome.exe	67
PID 5072 wrote to memory of 3492	5072	chrome.exe	67
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 500	5072	chrome.exe	85
PID 5072 wrote to memory of 2440	5072	chrome.exe	86
PID 5072 wrote to memory of 2440	5072	chrome.exe	86
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87
PID 5072 wrote to memory of 448	5072	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pesquisabcb.bcb.gov.br/empsetornaofinanceiro2023
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdcf59758,0x7fffdcf59768,0x7fffdcf59778
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:2
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5108 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4748 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1844 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5592 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5724 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5864 --field-trial-handle=1888,i,8807527071994389305,16821558839048301045,131072 /prefetch:8
  2⤵
  PID:1812

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:116

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
20KB

MD5
87f1de38605f5c84112f2a548d77cbf3

SHA1
e74e10c20cfce7c84e8e748a771a708c577568c7

SHA256
0a43d6e1fe78797fd412b522510f96861cf993c4b749d594c60d1b0a4a0c14b3

SHA512
d2b4d9e67742c828aec76c09986e8f7818311a7622060c527be8229aa867d4dbfcdfb9243a3bdaa22f0ea1e0327c3c9441a38d9c33d42642cfd27b4028fa334f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1099fc6f6f63b310ebee82ec85458e9b

SHA1
b24968bb271d9a7dc080b37f3d3fac959cb8c9d1

SHA256
c1db8fbb7925ccd297963f280f6a1996c3352b2178674aa152c408bb08d3695f

SHA512
f929b9cdd6bea54107a8aa181be66ec4a3616a8e8b96d1676b1aeaad5c54637680da67065671143df3973aba92d4ad2faa45797c4eee50715b43b9755dd78836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
669792c950d426080435ed2ce4e4b925

SHA1
415c8062c0d4b06992a513452a539620783a1e23

SHA256
41e53646e77f550358514540f47d932b4d8d0ed45e7c6ae8265816ea27dc2295

SHA512
7fb30f0a22ef7ba684de4185c2a4e836ec0ee2734a228fa71e2bbb83343d71ddb7e51e32ca58dc1bc493088f0be766b62bce5262aedbeb091e59dc18a0b80f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
f05333b9157b8672d29028a27deb28d7

SHA1
af2d91b013c6e0848d697f5d777b16e9d152d193

SHA256
3097ea306d3356a29c5e92e324baf4d933cdea32e83291448c93c64e722eda29

SHA512
fe833d0b005236c3b9177228a1b1c5aa177a18ee413a09e95dc2adc48f3d786589f916477486aa5c53305bb7fbf446de7a974b365eb98664082f719b1ce7ff20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
b5ead69e4049a3df427288f7a6c2816e

SHA1
dade574e9e25524390592a33ae38c14d897ac084

SHA256
081e92703ad4e8a70e4ec406219d013416b059d849d1112a7263faaee69f44f0

SHA512
458d1e3fdaec2e107d9e6a15de30b4acde60ca9af89956d0b715483206c570baa1ca6b3cd71263205c0e964f590a58af549d295f9c112ba414cd8ce09500f0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
89599d485eb6db230b06fd90e0cf6993

SHA1
2ab656166a9d0b540e518fd7a7d4c49bb196a301

SHA256
01b21f51b372ec97c295349aec7dc0a629e08abb54911ed14a2f0b235c539ed8

SHA512
8383192f70a021f64289ce4efd0a1dd2fc52f112b068624dec90f660c5425b6ce73715b72b464ee4bae8be1d52df0aaab63b8de805bfeea3b63038292d907fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d854e275976ccea50dbf3eb35a85a5fe

SHA1
4a45d4d3f455141ddcff1f70e2037baa07493c1e

SHA256
e6c5577ec2db478a4edf505a61dc6137e3c0c9f52d7d194b2e03267fe7c17569

SHA512
e8fec8806741bccdf1fc9ca28114a4483760d3735ef8e0a83930f2e5a036fa1eb36e813e0ea5136bdb855420160af296da275e6fb351febabd32caf27ebd67e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c956dcfed0fd0b3efe4e8836f20d2d8f

SHA1
0995073dfe96e868e6c0ffc69928f2c137e4bc7f

SHA256
5d5b2330a970d48aa385b6881ef13d1695a1757dcbb29b97a1063c254eb776db

SHA512
5b551225db19a889584f67f5ff35756b1c13045bc214ec571cef5bf8ed6d89a322b6cbb830e5ea1109784594676f81828c3e728bb48042b68e9e3c5c9051458d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0cae369ef1c3decbc4628ac455174831

SHA1
b1289c3e731eee93d121baed41b787d673a09396

SHA256
286ffdd89db96223e8d6fec6efdf7bde0400ccab9e65b6a0314176699df94e2a

SHA512
6e3385175ab4742995e6c7085c60b17b26998799072e25e1b8326538004bb3a298ea26b9a11f072b366340a4fb2be119e64b6e350efa3dc7a04fe81c39f38a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
749d850b028991ddfb06521f42b10779

SHA1
70dbb967eb3766277f759f70f4d6bc661e118e2f

SHA256
accd07d034fd69977b8d834db47cb36413fc6a9e92ab29f24b8d3d2db7eb29f7

SHA512
85087be195908fbfb746bd08037e2c84d43d65282b1131b9643ecbfb9fa10d6220590c58b6ec9c16ba2245c466fab7fe8c8a708ac84f76493070734187fecdc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
72af45375620e446c7a8d4bfbd023035

SHA1
04c51c0718d707695a0d3a0126f699faa0e0f93b

SHA256
524804b882388edcb170fc59a23be7660ec54e3d27b063f212d048fe67fab9f3

SHA512
aaf1bd2249806565c0c4acddbb4dadd6050fa37194d6caddce74a7d2ada0f44e3316a8f2cb20c8193392509450620793881e2aba84466511eed5f35698076fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
dca8af4d1401a604d96e52bf169d1fe0

SHA1
7427cb92d6d2c856597eae635aeed6c06fae362b

SHA256
afa8f2530443509cb51b743290a7d73f6d058f362e7892cbd1d6c6cde991e983

SHA512
7971313df40ab56077158654c80dc5aa1b8333f1589e5cfdf3628e881e9b375086b225fb0ac9c91f04bbbd07160db9ab7e95ece19f01298a22cb6537f9203f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
f49b6e96ff7cbab71c0e2b47f60140d1

SHA1
4ac758b19c94a66b153c5199e9ea9925496841a9

SHA256
fa3f78c85be07d70f66fb444f99cd4e7c0471bf97251898b4a33878106c74608

SHA512
e93cc43c89f69a6d36d498812924c99427c4f08765273b5e2ee427e1bb7f5ddeb5eb3e4760ec2e54f6b3bc53743cea301a5081b5159a1b1a2a39690e7a7095be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
75c2557553838840daf85e6952f701a4

SHA1
e1ab7a27610d37a88e01e8c3995d7dceca574465

SHA256
d6e6ed0764702fa3d53b9ff7c7b1e9f513ffa58d6dd076e227bd0114d417c958

SHA512
3e1ae747c84d7e3a16abc2135d2f8d022fd2266481899962bb0468a6cd90b99326828b61ccddd15b42f71dfd5a65b8ea87227c8a180eb97acf44c33173b72ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581c7c.TMP

Filesize
97KB

MD5
ee93b77cebb0f0b53102ffb66da9145e

SHA1
ee9b32b2a48d6e0f9fcc8759081096c6996100c5

SHA256
912dd70bf7d60e1e1e72738729c8d6f4c266510255c5bc48f5162bff0db87c26

SHA512
f8b1622233bde16a2658714c3ac46cb7446dee2b86e59a92de4787c87d5ecc2d7cb5bdc42bc665a75e574f2324bcd2d34da9570966c2be12e549c292bc898321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit