hxxps://hotel-id14952[.]pw/apartment/BookingConfirmation221223

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2023 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hotel-id14952.pw/apartment/BookingConfirmation221223

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133477988513183699"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3791175113-1062217823-1177695025-1000\{2F9719E9-EECE-4DF7-B9F2-5136B14AD260}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe
Token: SeShutdownPrivilege	2092	chrome.exe
Token: SeCreatePagefilePrivilege	2092	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe
2092	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 4424	2092	chrome.exe	89
PID 2092 wrote to memory of 4424	2092	chrome.exe	89
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 3200	2092	chrome.exe	91
PID 2092 wrote to memory of 4804	2092	chrome.exe	92
PID 2092 wrote to memory of 4804	2092	chrome.exe	92
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93
PID 2092 wrote to memory of 1976	2092	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://hotel-id14952.pw/apartment/BookingConfirmation221223
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff948529758,0x7ff948529768,0x7ff948529778
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:2
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1624 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:1
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5888 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6092 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5436 --field-trial-handle=1880,i,7196162969410184899,4084306697724898588,131072 /prefetch:1
  2⤵
  PID:5460

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x50c
1⤵
PID:5168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
0a686b9e675670d6394f9a0d13f0af59

SHA1
98ba1a832c7c579f27ad998fdc1f62b042cbb9f1

SHA256
7e13a398f86a2b6ecb66de5cb7af83baf0ee97c7745c375a338f0af78aeb13b3

SHA512
9320725b1711e9cd65582379b51cfa9e3e44c02de2db21447c3a79912b17552d5140fc278f19d7fe3a871a611ad9369baaf0e18344070c9832d75ffa8b6344d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
27626d0b00a251505b2ea78029056e4a

SHA1
d5b2e87d1c0d8293886714d50737bfe0ad2028c2

SHA256
6152a3caf40cd376989a832e877410b8d7b044048441b9e101d5fff28b8ae743

SHA512
428add0a594b9fd1d8b2ac3c3fe3010f375f20faec5c9dde24c2d0ab16521ec55aa515b996c74725a01246ca6e74e34513cdb740167542ec3f7ce6b96de12d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ef14d06181a856f177bd3ef5e78a720a

SHA1
eb9a533c5b6d523a0e4529933198c7ccb7cdca0e

SHA256
fcd3c73f26977ba6eeb406db754ab3c0f2252ba16e07cd6c9cec442f4e0df8f9

SHA512
5eb3552e808ae9be5284a9fd31f2531db46e6523e3ff337f1ec7b0f8724b48fe4c86e647ebdf11a771879a241c8746b09b4f747f73d033c78568a274e9eeefdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
536B

MD5
e5dd114fa1767b06cc688f8d7a2b54ea

SHA1
b38467d4d7b7a177f1b704de9719e937ea2fd808

SHA256
f842007750c48d9b8d6e9805571a642cf9f2733b416abba709550a9917d196f2

SHA512
a0d8b5ca22c68b84b56fe1e8aa1071222c0c06d31f2576bf505aa3eefc39e27610d26f0945ba0d8d8daaf707632dc416e474f64db8ce9730bf54b3d713bb0a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
41d221ecb32a72a0f839cf435f20bce6

SHA1
98cf324781e0e939dddd6c5a44fcad1d81ac1faa

SHA256
c6111b67835c20202b8c0d6efe338616c61583fe370670bce2c8a2b2e5726c0f

SHA512
638727211003484300fdf131ed1f95f88d194883e5568daf9fbb8c397a38e1b84e32e8baa4cfee548699c1cfff70fad51e0f87c2866de8ef61edccf988737edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f99e5215755583fbe716c1a57eba4582

SHA1
7613a61bd0e58b4a7f59ab83d523daa1d1419172

SHA256
8aa7e712116a668ba4b67cc68a2c42466e4781a7db2364709a5b926821fee962

SHA512
deb5ca18ab48047eed844d8c4ec8cb8830e6eab5395c313694fd8bae0a389aa8ba680451e5877e7df96cda3564dfc48c97076eea030962d9c766e471930ee746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
845ee78870f46bddb27c2382e3805757

SHA1
1547c6638b99759d69ea0f3a277d3983223964c7

SHA256
371eed1e4110c4365846069df5f88f25b8f4c8fadc4dcb7da360b377fa6bd0d9

SHA512
836cd50deec460e3ac4adb3dac394005453d72c5a7a7c10ab3f299c8795fc0a914678d936f746a1480a3436659711b46e4400d3305c8c98f1520c8cacc302c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e75e3ecfcab84eb947a7181177882d05

SHA1
1e39493ca63e47a7959540718c493c5899e6dc2a

SHA256
08b981cd82be7f29fe59eaa967afc89206da91fb07cd8173318114c8a5a76c53

SHA512
66b10434ccffb779578c49678932975becf9a4385b49716aa7786f02b7c724b8d588804c3ec1d492392f2f5960b996a14e5253c31625671ff3a121e0cb637537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
03c131aa82db272296ed86783f52959f

SHA1
751a7cf411505b9c61654ae5bb68811cf1972381

SHA256
c78d8f0e971723e30bb632186876fc5deae68c5c3ec8d642725280308862a9aa

SHA512
64e89c39753c712f9dcf7702a9d3e62dae092f9138921826b10b4d03bae0cdb5e60a5c58bb730a210fbef7a9d45ad31d290c29eab83fc6eec81778f85845c23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
c2d4666676eca1ac1639a29d351edd86

SHA1
2657c734cb9ed8668928f924f401a4bc64e8e4a9

SHA256
62507e68bc9ced018b2fb3e53311ebf8f13755f17617f9ce356d9501b6d8ebf8

SHA512
2ebe68623abadef1be54b2a37d396c8fdc64ee2a7d616cdc25afdc9c2e50092a460c80e0d5fc941bbcc2253acd06ecf4167f296600bf649efc1785c3951964ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
a630f47411612e05a4847854dec461ca

SHA1
e6a9346c80405451236351fa7dceca3b36b009ce

SHA256
9365756f0c22f8cd2e097bd092e206e7a59988feffeb6f69bec391c67fb9ea8e

SHA512
e694c0c43408f9ba610c6c1dea1375954c7e7baa2535167de482c9aa2b59d7e4e62f0a73d6c787cc920b6cf42ed5c7edd8b570fdf2b6e219f9a1c27dd1996f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
5e3b8bdb50a1659352304977bf62de58

SHA1
a47692bf1d229e6620f8d2b3da9ddd0d9f367054

SHA256
74d921b39e48daaa6c1719c3cc7fe80abb7324c41c8727a5d32299cdb7c3cbfa

SHA512
b562c5cb48feeae20715809a1457a568ae322e6cb531a8ef23b79c41b81c3924047636b047b4058dbb39b8112e9cd98f4e327664f96bc9cb6216fee10913b479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585157.TMP

Filesize
101KB

MD5
bc6533a5841d6ee80294908f7922d9da

SHA1
9cf9713ae50e0eeef16182deca2e414f1d652f04

SHA256
c8b4ec7a7e0873b545ccd82eb4c0443cf6a1811c6873382051d1ae2ecf520580

SHA512
258c714a415c4d0fbbe3297cc6daec528c47dded5c70ed1ac98aba302f7fd7a145761218de3d905f4f13ce72aaba3eabd3ef115837acfde6adfbf859abaa48ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
e69df79a63a64234d43f0283b707594f

SHA1
54a15a588b6f050e45a3af839e63767b818e3dc9

SHA256
b2419b7a0b41584978fb5b152425536c9d9dfb331df69ad7ba50d2433d44f138

SHA512
8ff189cc4cfa7ea200520e017a60691d78674517812571a93cdaf3499b105ec681a84fe0d81e732ed83cb006cd2128b7e4d5f50b88a4dfd55c3d0f9bdb193753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit