hxxps://bestbux[.]site/

Resubmissions

20/02/2024, 09:54

240220-lxbx6see8x 1

20/02/2024, 09:50

240220-ltz6laee61 1

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
20/02/2024, 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bestbux.site/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528962647904626"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2992	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 1468	4024	chrome.exe	32
PID 4024 wrote to memory of 1468	4024	chrome.exe	32
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 1480	4024	chrome.exe	84
PID 4024 wrote to memory of 2424	4024	chrome.exe	83
PID 4024 wrote to memory of 2424	4024	chrome.exe	83
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82
PID 4024 wrote to memory of 2104	4024	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bestbux.site/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ff9c29e9758,0x7ff9c29e9768,0x7ff9c29e9778
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:2
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3768 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=904 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5316 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5452 --field-trial-handle=1796,i,8460628015500293386,1941673996828035785,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1656

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:336

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7b73ff6d-7fb6-40f1-8858-e578f8b1fe1c.tmp

Filesize
7KB

MD5
f908368777cf6753d87b3c290f3ccd3f

SHA1
191b970368409ab29932dda18a191dac2de46529

SHA256
070fa06026f59adbc6674623ce0c3f3063b12200aeb0195620526d8f7b0ce7fe

SHA512
492563f4f53ae3c6b6d92152ed65f29ddcbdd0d0c68396d57720acf079dadd6822f8e312379289e55cab3d54eb710aa84ac071f8891e47ec312e6107ac247acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
8bfe73cc9a4815d191e4aa102fc6196e

SHA1
a807781d8256d2b8a4da89e16569b8396ad6a680

SHA256
6cba94c2a05f1b8fa9a982c6f7623db166e6e38b0ef37bfed3abf0807492b3dd

SHA512
afaceb30f621acfe5e826a4fe5f44d342e8e1e484d0a4109553745c78ab065edd6773220e6bf684d8f96a21c750d380ffbceb2afee029af817eb135770d69a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
12f466f97f720085ae4029cbfc1ffa12

SHA1
c48f3eabd1ffd3698b0f779adfdb1c75a0f9744e

SHA256
8558d19c7e76a4c3d565da09cc1eb94cbe507ff632770110c3de88218d9532e3

SHA512
b872cef01eced32264f3a20047fc8f3c1e530bc87d3c01c1f92db788b385a932df043ef6883c49ff8065eb2c26e44704918edcd3864a1c61cef271fe90c3041d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
42438cd1d772377f3433db3ea114e7d1

SHA1
481a1ec49518d1fc032569370665c15620a3a7e8

SHA256
a95e10a062a2891f5d711459bd36e04ba4cf7981546b268b2cf6d85989dcba88

SHA512
aae63643c29f02dc78c2ca5c041c8fb0e8a6a31cd2af7e3f68a2613fc43ee70362a4fabe0b8d76f30f458188083d391a7d9c91d1f4533526f86819b7c6b4c89a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
48997b481c93f6fa446cd38d97b56a80

SHA1
1755e59f0e56adb09e8fe2c2f5fed8e6696d001c

SHA256
d00c18148395c1215b744b960ec04f39237d9af9667e4269b209464879e1caf5

SHA512
c6fdd8df82c28eba44fa0480ced2b4304dc331be2429a5abcd4380584a781a90ced86bba2dc09f54ba419ab80371e6afeb21d934e011984e2ee959e06021203b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
e850b400d1d684c28ef13b817943b65b

SHA1
fcae03e4aecc5d667e685fc988de264004e1aced

SHA256
518be6b69390ef2c632947d4246f9311473e7580aa772febccba25c040fccfef

SHA512
fc583050369074cf7affcf2bd5dba3094596107c3b134d5a712a304adc6186341e97ad9dbf4ec6618118d4ef009721309c2ebce4ff01e497c1958476cfdacdc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
02d0c48f11438cec2ff6a663799a0032

SHA1
c4efa2a99fd6c0bb50824df633c6a49b7c138ea7

SHA256
b3a87d9d1166c34bfb3601c07423b0a8faef70f135fe9de644bee21be4e462e6

SHA512
51b6845e7e4ea36b42988d00cfc1e561b87b44b9ef4360de078fde3c6ccf5922ee446c0cf772c6363daa8f227dcd94ba0e0575017df397e0dffa8e85f4b9183c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
f8ac16dc393aad124e3b30df430e282e

SHA1
6cce79e04eab8e5ca132fbaa2d035b995bd0a130

SHA256
44bf8f182331d0a8daed12d95f3d612ba8f2ba4fd32818ef115c2ffc779ea39a

SHA512
90884a73b8ddfc40b651f720a8853e267c7218f2bc76d801d6520a9a07aa509f939fa8569592cbb87359d851ad479f96864c20ad95309fe3bf76e7a62e72b62f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
18ced9c59e9a0f3841d6e99091bd427c

SHA1
45e1d4ae4a069799f51f6ccfff129b666c60f23a

SHA256
f83ea93edc9c76801575cd5f7dbea1b93ead6866402c1c7df014ef604c64d9af

SHA512
2a43e23d944860bb8744f4a1b2bd85a97c65ebd513923f0370c1072c248dae90e0c4c0ec5ed98bd754b71917521a5c9b98006f7ade6cb6befa9f4b3b52e18ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9196c836367be611b3d1feb7b50ca498

SHA1
47f8bd2a6f7fe189e7da37a44f8f32858815aff6

SHA256
76cbf42a32690a760a8a6702703e022462defc43110dd93385e23070df2f2365

SHA512
f32608f8c5ea75292b4566701f434a3dbf974deb8f9b1d6e39689bd879e487b7a486c8ec7f9876992d91f7cf02bdb99b47415b2b5ca75114212b20279579dacd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b5f635d03bb2c6c9ff0441433daa3c17

SHA1
e5cafab1f5c9db6cfe0c2040b91b189035bf8767

SHA256
c6413d1f7005bc9c32bfd2c4be0b66065d2574410819676fa472c6dfe62d46b0

SHA512
7d35982d2a476ca18c88f5112315ea78374228eadb9dfa77492b3e7646383d7f9bd4502a93b4261d450ffcd56e76593393cde12578e384026765a20750a5311c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
259f45668535bee1da80b6776efa0382

SHA1
910655b1e8b387af69303c87daae2a6cddfd75c4

SHA256
59fa62cf150d00469d898b25d5742a5331dde74694143a4bdbf1365ee32a5bb5

SHA512
9cf96ca48f2fd71c95f46970df529ccc2670915f234f3a50b99424e04f933209b5f132db1437da349aa5c1a2a40f2fcf82538a3b3c400f3abd77395a1f9f8f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b47b9ad2321608680597d79fb8ca6972

SHA1
0a1505aad9286a1822ab52dba6050345747766a1

SHA256
24d5623909e7d3cb425a6328167ebd1d607936c7f8c49e19032f76b2be317341

SHA512
a4774a3ac68eee94c304ff77bdb9adaa244726df60ac1b7a054e2f558efe20d7aa2538f36d6e7aafc85b85802626265e392252cd1d62463ac0d22387c8850842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
546f82c0e237d49c91c5b737bf17e5fd

SHA1
4eba5e8979f708f63879dc01922963bba04e864c

SHA256
30414188a1b3b04682b565810e9a7131b3c65ea1d5f62c2a3483ad65d222a014

SHA512
4c5c50f910099f9d59eae0b894a1cef6b3f97c211f645cd4aea1cc52cd0691026b7454aececcc957e1d96fc2cf0a2b5917984013e2dfd2c845e9bda15efb92e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
d95ed82b10cc54a61ef26ae4a85c9784

SHA1
5b8d9e0afb5e2e4d2170fb66952d5cd97ceb3970

SHA256
57acc6f7582eb1e48157ebe47ff33412651a29dc7d3d48315462c5a8a924fa66

SHA512
ff8ab9f009e3033e3795ae54c94333b10791311d386653b9f6d5e0395a6ad76d5d68083a7643594920bbe24526caa75d17ed3f68718bb32603631dbe8ef9b749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
87f2584d8b58bc8c21aa75f6cf5bd700

SHA1
6e1aeb6d9aa3691cd14277e310e6eba117262963

SHA256
2d4bec37a10e697f1c693830d783b9861286df2e6865428033048364124ce8be

SHA512
f19cc41dd8cb7846cd3a6d98cf4d277e6abbddb6d79dd0e727d87ced5ec6cad5727ec5cc8d3bed6795dd8e6c279d9010fa436e0daa602061797312cdd7e96615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
d90e784a2a95fc1d2e2199b6a907fbc9

SHA1
7e6ec69e4d899a81113a0b623f55e71ffeedeff8

SHA256
558da8426d77dea2c0be69bcca9730a7eb96bf79020b2ecda5509e1756fe4f22

SHA512
761c2722b6d75ecf2fc928f04fe5464ff275c8f6bce07ad7a19ed0e2c1660639c89ec2e38055bae1b5093937cc1d88ea3a481a883a13ee3682d3970c1cd33dca

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
85c26754118ae9c45f2b0695d83d6cad

SHA1
a9fd6ba548758878a0b5c1e44bf87a45f5ce77df

SHA256
13f27ba5dae3b34f9bd088b07a51ae7a9403ab42e1883232ac82614e3b073683

SHA512
9690c2b8107871fd4d9ee876e9dcce0df5c981e630b8a105461df334074a41b3f6e0a01375dae55c8e8e4f9d49861e640351127f5e0918f8618ca046729523c4

Download Submit