hxxps://returnsworlds[.]com/

Analysis

max time kernel
270s
max time network
257s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://returnsworlds.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536679809805716"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{1C4D8823-E546-4F72-A086-920111DD750B}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe
Token: SeShutdownPrivilege	3872	chrome.exe
Token: SeCreatePagefilePrivilege	3872	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe
3872	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3872	chrome.exe
3872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 4184	3872	chrome.exe	26
PID 3872 wrote to memory of 4184	3872	chrome.exe	26
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 1800	3872	chrome.exe	89
PID 3872 wrote to memory of 872	3872	chrome.exe	91
PID 3872 wrote to memory of 872	3872	chrome.exe	91
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90
PID 3872 wrote to memory of 4740	3872	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://returnsworlds.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd7c19758,0x7ffcd7c19768,0x7ffcd7c19778
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:2
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4660 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5296 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3928 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5820 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:1
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 --field-trial-handle=1884,i,6469309247448196526,3936363220036033923,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:8

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
f9423b7783f417dbe69e248ef3a79c3e

SHA1
d3855b5d732a380ba35c494f1a8cddd864a82f48

SHA256
a9890a7f5c339cf03c16eb3fa59926416edcba0089a4449a7d09693ab4cac9e4

SHA512
36cc21169abed1192613817247774b6903204403f663fee669eaa99af0a59530356674940129c4d7f1ae92ef655f9f26dd6e88cf3910b83870be2b76ec145f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
f03442ffe5b9b6cc0128169b1deff98a

SHA1
6d5e5960534b5817410d6769075704ddf7dcd727

SHA256
93501b4413bb5afb5b6611f5f1f86d90ae57a36b1c879c6e3aaa825189dabb65

SHA512
e3ca80929d6bff383496b903d0c8a704705692a6698361f5d389a3a77a9759bd7cfdb81ab063ce084071c645c1991064c484aa1896815634a4a1a7168800f95e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
338ee40fb46614cc7e8ce9e06dca75c9

SHA1
fe855911868e722cec69657d188284f9323ba6f9

SHA256
f3a6908eedbddfd3c69bb3fde2e740da336e8b2de2a0f1245a91ceca24fca1a9

SHA512
99f0a16874c4ab0b00079f9d1d3470a80d8f0a345f4a21a0d8e224f160f84b6930cc7486ed62d9da8687da0e891613df67319e6be510ae04f74c7106a82778b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3ee53d4ae2e80e285e7677b1af0a7a0f

SHA1
83416797931426cd8c51c0e75ec772d4f6741949

SHA256
ebfd372518ececf3a7e6b10e524125ca6f68b060efb2e26510f4f18c7600fb57

SHA512
0bf56db55f2768a38d49acc19ef405c366a6ce40a85cdccec1b592a0d9d278640f36437d1c8a2412dc478b8ac613243c47c588ed8ba0f365885a0b471b81f846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4bfbe72f95387200de187d249d6bb91d

SHA1
b61cdc69b315af7e64a47c6fc11d3427a6b41f4a

SHA256
754a42ebcf4be0900a6df223b3401f51fe07960e2040c8240d2eca33cd812ab2

SHA512
f01eeb9a97b595f67ea39aea09ecdb5482163d0e121c781dc9fe834e1e4287eb11bdde58dbe9c5f6e42c0bdf6dab6b6833a36dc4e2b712ce41eb4f5db57031dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
97e4b885c103509bc5d5fe0d55ae49cd

SHA1
ff351970f0125edcccf7795a6908bae12434590b

SHA256
9d7eac47394fb031925e7691b8bfde3f57cded5ca8807ced1007f609ce7d7a48

SHA512
6328d57f8e9bd7fe89bb92f0059b62bb000e976ff49c2214fdf9e99562d16403adbb7dbaf9c199af551df87c04a7577f0198078cfd148edab0de8379aa4cd94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
408969d47ce18fe69ad44049d08de533

SHA1
2a61cbfd10f32ceb9db669a6058a465bf45fb420

SHA256
4ab725086e6b8a4dc103c564402fecea47b6a6073d4d4a99533b1e18d190c80c

SHA512
7c77b987fede8a1cf46ad821f55a8965542dbf1e2314fb648715409cc667734efa24ce7bda0b595099aaaa7185a9b530e2bb5fa91f54ba559106085a1bd62776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b3b506cdef7cf13d2f484bcc7a0c753

SHA1
3e52aeabe58b837b501ec88c46e026a5b993e239

SHA256
6315799e324cb7aead21481aeacbad950e10a0ea09d59074685be17005c76187

SHA512
a2ee1ae6c2fc895a75c7dc4b2f90f677ab43788b2abe55c12dfc6c8b8e106739a276874882e2e3a691a06225c4992abf9aa24c580872c8ed88caeb923dd22b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
98269c7948895ccf66ac184bc7f546df

SHA1
f2022b4741fb325728e998595f92545190e1413c

SHA256
86fcb654e88e0aad21d3d35405dff6c3877c598acc8d11c471cd16df340a193c

SHA512
ca872e776c2f1eca1c9257bc64a21a4239f24222924d7492d030d144822eac9434f52f3646cdd2909912d60ecaf47e08882faf98d0958d67331120f04358be53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
74B

MD5
73a465dadf426a1816e6124332dbbe2a

SHA1
9016ee293d948b12d364e9eeccf7eec06a1aa032

SHA256
60ebfbe19e0b00485e81b7fa15d8988ac37bc2cdfd734311d3ee4b24f562a8bd

SHA512
e55d2a34a093562bf8cf9d051dcb7b1bdf459a86cdfde578ece91f76ec18f7fd1007db5c93dcd9864fb97dd7d5d7581ec6bbfb0d0e867e04290bf434935725f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5756da.TMP

Filesize
138B

MD5
b670914f532f1aba71d0d1fca14b6316

SHA1
e62e1f90cd0963009795999fe7ef4450a963112c

SHA256
3bbe1d2e27be8da2254d32d5fb7422f8def4ba7fd588aa90a9cf69be18849fd2

SHA512
45e81020044c3b1f9591bef48412d0ab8339a7a252a27401b048f6490523ed78e4cc1d1b69bc77b84337eb562afd75974b56bfb02b3d58d45ef05220538defaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
2cfac0265a64bebfb47264f2ae569ce1

SHA1
de7d111e84a972c011677f517946bb9ac5bf264f

SHA256
1a807ebe94f01c64b55789bcc043f2f914bf58b0dbc7cc765a4edcb840b8c313

SHA512
773754a54da07750f6227dbc8f0536ad6e2d4762271323297c65e5a9cf3787adcbeb3d4d079546f56a1008c68c36f2dc390ecf57caee9da062b84ae758e73415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
98d632180d35b67022cb6bedc46d3143

SHA1
ab9e27eb7baa57e9952d25a35573312a8e5fdb7c

SHA256
b479ccbc394f85e9868974fc1e840da3143c57901896ecaa44bc77f523ff6f89

SHA512
bc5b488a97a7ac5aec768980701251240fe4eb53c32aca04acb753dfcd5b5372bc7dca6df79ac6a7388bc2cf61c7f71bda57c1932d9945cddcee4a017699066f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit