hxxps://guestapp[.]hotels-online-buchen[.]de/Home/1b760788-7ac9-482e-adad-9a33c7f6a723/7273e3cb-54da-4ff6-aaee-e8f905628c4e

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://guestapp.hotels-online-buchen.de/Home/1b760788-7ac9-482e-adad-9a33c7f6a723/7273e3cb-54da-4ff6-aaee-e8f905628c4e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546500540067311"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
5300	chrome.exe
5300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 4260	1408	chrome.exe	87
PID 1408 wrote to memory of 4260	1408	chrome.exe	87
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 4756	1408	chrome.exe	90
PID 1408 wrote to memory of 3792	1408	chrome.exe	91
PID 1408 wrote to memory of 3792	1408	chrome.exe	91
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92
PID 1408 wrote to memory of 2720	1408	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://guestapp.hotels-online-buchen.de/Home/1b760788-7ac9-482e-adad-9a33c7f6a723/7273e3cb-54da-4ff6-aaee-e8f905628c4e
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc9cb09758,0x7ffc9cb09768,0x7ffc9cb09778
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5080 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5256 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5336 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1884,i,17261316696990936164,3685002103628077851,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
3bc3afeb6787c7cbacbacf40d067ab74

SHA1
9ac1e57f5721efac734a12d226ab4f5828f98715

SHA256
7a6103c9b4907b333b26c56beb26604a86bd19bb8aa0432dcb62f8b9c45d1ab0

SHA512
5a844241505bb695f81e0139c5fe1e256b94d27840bab51015b3aa37c16fdbde67fe27fc9fed5d8c88262453f0aa716cf5e0817de28788c7c20366d5e54a9d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
897d4795c752b31a0e7bc54a70a0125a

SHA1
da040205b224cd22ebc0b05e8c1a7598da4755c9

SHA256
c57068b782fdf84e32d01a8b03f768d48d083290c510b47bda1283cb2c0ff83f

SHA512
3e99b70b602aca2b4b541e32e07da29aa87ad10b0d2612f7cf57c12dd38b997eea39ae1d2e82225937d4f6cfe61d3a70be093e8271a7c6347c07a5db1318c27d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8d28541531c5bc2de8e81ab321f6c8d5

SHA1
3311bb6b92a49575d331659f5c3442b2e9d4c1a5

SHA256
20b09285840420991876f5235f8c3075370797ea923a721376a52d1b430d3eb5

SHA512
4d68bbf400ddb98c59f1e5b9bf963bba94c50bc60fff91dc29ee84c537ec82fdb38259a1df9288db882c2203dbf90c7dfd05808f773c56f7f07a20dbd692e00d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
377ecfd468be58156b3b4af47ec0be76

SHA1
fa74527191885934efc105377ca21b3f762f67d3

SHA256
2d72c26c2cac745cd4094b2a23b4930e82eb53ffb9d67e597264cfdd8a4af6aa

SHA512
5592346b347ba4b4d14fb2c305cd1341915c77ea20a2a95a41808060e8c4485d245eb319ea59eefa8ef45c7479c31b54b60878ad07239d31182d9aea4a4d2362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
92294122644175414952efa63c94c4a6

SHA1
2835f011c2375150a8d22c900d9edb8689ad2ca9

SHA256
eded0dbc0c7937012fd7d6933fec6e725ce85eadc14bfbe39d8b86f03d945191

SHA512
a87e023a5e9a17c182b0e3df7217a8dc45533027b37513e88165a44cee6a7b383968f8e53bb4ec9391f305f9cc7935916a27915d8d5ecf926b3e2e6a1389880e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
209519905c3536b2e7709af0782bc4bd

SHA1
8ba0281c1eff1ff583e0d489f84c1ab34d0544c4

SHA256
c015c6a534466c81feee5a2d1ccc8edba9fc5dc41f3ce67cb45306bb39156659

SHA512
83fda1035df00ced000acec18da794bdd89ab88468c53909c9d22796a4e53d067013afef84641cac3f476a4e426e628baff3572a89dbbb8c3379b507b897a39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d30c8ccba65d2cb6334f32a7791fe6a2

SHA1
4fd660919b8837735d1a77e511ff269cb16dcbd9

SHA256
0a297ebf2587734c314345a3b11627b9a74cbd7b216c559207745a2031590fb1

SHA512
6e1be246b0e0cdf3385e6cda28ec6e92c634d60dcdab4f6cc7ecd56a02cacd203c5b16e3758f70bb0d5544eab642efc5a5d77499b7beb8a856a7adb0ef0d0b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\086569c01b6adb194997c523d66f56f391b65ef5\791c2b95-dc35-481d-a062-b3b2c9067d91\index-dir\the-real-index

Filesize
2KB

MD5
cc6d57344d967a18e5e9c5964ca94fbe

SHA1
f4fbe04e0942bdf160893490b63f1980257fe392

SHA256
55a2a1540bc6d29fcfe2fae38264828e42932506153a8d13dec1fc992f4ebd40

SHA512
aadd035aac59e223f6bd9fc133a6a7f16742f0a70b0c752084202198607064b59568b06b0537e6a0c2a655dc8139eb79140a9b28c5bf1a03e77ed99c321e68a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\086569c01b6adb194997c523d66f56f391b65ef5\791c2b95-dc35-481d-a062-b3b2c9067d91\index-dir\the-real-index~RFe5820a2.TMP

Filesize
48B

MD5
0c51663dc67ad659d054c178aec618b1

SHA1
8af575aaf18a9cc32d01f2062be2eba4bbb34c29

SHA256
2cd58d6988c6b4b739f076ad2fe80039bf04c42f89645dc24b057d5fda7f8a4e

SHA512
8986b5894cd974ec5f4f61a6308f6459a7228d7ca6972ee2815cd843d8b8f23573e1a0e812ebf5aa44a54cc6773d167632dd5e971be880699c5e545ad5d4cb55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\086569c01b6adb194997c523d66f56f391b65ef5\index.txt

Filesize
159B

MD5
ffbe96ee4f914fa74a28fad8e30e0f7e

SHA1
24924b7b17587082bc120c62af58b4a8124f268a

SHA256
4aa2962433aee6620e95ab8da62f4f086e829039e3dfe9168936f8bbaaac7287

SHA512
2d0c3aa1592bec13e506bce647944f376944ab05a30b940ff70f1fd6d53b06897ef9c9bab749f427615cb66e4f0b7abda75efc951cab39f1297da531b93ed453

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\086569c01b6adb194997c523d66f56f391b65ef5\index.txt~RFe5820d1.TMP

Filesize
163B

MD5
baa62334be182d35e0826d89f195d07f

SHA1
7c54d67bc33ba828fe4fa2d15015242838da6466

SHA256
c3fb07f169bbdd9fdd838826ec3d01d86b5dcc3a392f1d15d0e4d72612b0047b

SHA512
28e1a232e56e43cc507e02266e8bbc8e26bab9101b21de89597776b808c54506aa5f713f7168f29102fdad94358fbd79aa57f6ceaa0b4358a6e3231e7ccb907c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
fffcc313b4ab060dd8b5fc3be499a2e8

SHA1
06cdf7d1c72cb9ae55ab65f559a0eba6493a3a7e

SHA256
9904a23d77196694100a1a9d70883d7dbe42797178c83b35e5accaf7a5f3fdc4

SHA512
421c6d460764c5d8f939283f20781fb80ab3446a19f9f2e323bafeb2001ccb7392d324a77c3b79168544ebebcab2e501175f2e0b3db32c6503a657ed0151429b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit