hxxps://recargatupersonal[.]com/

Analysis

max time kernel
112s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://recargatupersonal.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133548117059349435"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 2672	3836	chrome.exe	87
PID 3836 wrote to memory of 2672	3836	chrome.exe	87
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 216	3836	chrome.exe	91
PID 3836 wrote to memory of 4524	3836	chrome.exe	92
PID 3836 wrote to memory of 4524	3836	chrome.exe	92
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93
PID 3836 wrote to memory of 2540	3836	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://recargatupersonal.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb44f39758,0x7ffb44f39768,0x7ffb44f39778
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:2
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2940 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4908 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2940 --field-trial-handle=312,i,3073504679841850199,15322732331989040709,131072 /prefetch:1
  2⤵
  PID:4484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5689fcd6b48d7562e9214698ff7428ae

SHA1
2f1fce919061217b3c60ebcb125bcdd4dcdbeac0

SHA256
b1236e1e82a40a9e883abebd88645a623c60c8107ac837a025ab1533edab2058

SHA512
4dde190c3fc820be1a4640564b8a8fa5d52e3a3ed837882d9d47c45a7005033bed5ad351e0da9accb08ddfec5a723f879800eb2a7ae2aed64365ff3e9c7b709c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
4e29119a2e0088d5355c5e3c8cf13390

SHA1
7280066e4916aeee9c32a4d243dea170073576c3

SHA256
96bd61a9a35faab51bac43f55a03e5cce73514d60b3393931a1514ca1637e40b

SHA512
14d24e16bafa279817f21eecf4f58b035eb4b611030387edcb623dfc5d5c447d0e3559386b1d2e66f5ad7eaeb6202862bb3bc4284e25dd8511a72906e691c483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
68d9f77192594d4621b12d9713969e89

SHA1
eb425c4958748c00a1f5544c3ef7d5fccbdc3755

SHA256
3087a19d553a7e0e8eba39964955c5fedc0b9f9671144663429ac510a01bc897

SHA512
34c3d453138f89d2ac8cc34c19146d114b4989734e98a67addee7475448b802f10657bca537329c0dccfcc2c5f86758b8d077da2b6cc29273440d10ce123d120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
daded5931d809f6b78cccd939f669d2f

SHA1
918994ba134817ab050c2d172aec776b31ee84b0

SHA256
1b55ef66f6edd608af9df9a81e20f2acf9e6f34d33c15ffa28491ec2420db39b

SHA512
a6dc4b6360f8e725c2bf6f2f728ac6502274535d641797c9a3643e6919ca0369d2acf6f553b57be888323e67c5896b550c66b8e6010b9d5e14f639f0efd7ce68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
2ce045572d37fc1882215268dd366373

SHA1
3a5989ca0bfd431f2cf0ccf8104b8c31dec6b00a

SHA256
ac6c2a0b608ecb9ae22692533f1dd25959bcb14715dff10447f09d9f23858c45

SHA512
c3cfa2656b645690f586d7d2916453d2ed20723f81c64ed724447a64b8203b4922d1ba1af5e78906f1c77103d18f1feebb9ba81a345449ae66fd3314db78dbe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8c0e7edea805be712ffed8747775e306

SHA1
82d874402c28fc5fbd06b98ef3337f994292592d

SHA256
80c2047fe81f339c8f880b0dce502433801b6a909faed8d841dccdc94bbf72bc

SHA512
7b715eeb8070ea3cc342255695893dc47b0049f61889e8a96455e960371bbe92f30cfcae067fab9f0ca91494956ccf8fb2b8f26e5f106ef5a982984cb1276c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
a07ed12840d3f909c97de1ba9ca67dac

SHA1
da822bbdb0423227fb2bda5bbcdbb7242ee02cc1

SHA256
5895b60342e4b4c95a7bf6c55ff93f15aaf5fd2de7cdc193ffa7454ed2362b78

SHA512
cc253c7832e82b0d038fe30dc974379946960c5e3f047d9f885c14ea073fb2b359b49b9162b6efc52dabbc6ffc6ca09a8da56742bc93ced4f92dfcc8d6f92f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
364348c7f19c2a84724c7fb420c80939

SHA1
b9a2ff2cba7f977adf346bb7e18bd4dd675d5eb9

SHA256
8ac4a3b501770af50aac4e172fdda46384a2622b22f6da8988f20e5d0fe6d71c

SHA512
0fe11c4cf551ba94551fbbab1f548195b4673e075ca90db52c78ba6613c8057682d6855775d2d0283b4455c36bf8dbe1f3ea5afca106ddafe414902a0bcc7325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bdaba1dae918edd1ea47f3d08af36e29

SHA1
1ebdcd7f1e575caaf2d7db7f5dc4b2deb1c7e4e2

SHA256
d7b8705541e96e16ed3b369d0eb898f1e8a1082bc92c6f596c67063104d7ac9f

SHA512
be561e5806767da87d3610b12a0f794c8274effd544d8c1d4ae27c640caf1198c16c031c03da67cc913dbd62a2efda29844d275518baecd3c8c271f11cc94652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
01ac6f4aa9776a3955e218a59d7dcdce

SHA1
1f5aeb929f39d300be1da9bf60e7df2d5c35406f

SHA256
8d7229aea5b6f0cd25dc67d49951a928cd789268d8fac0ed2b3758549b02b1bb

SHA512
3d811cf6b21b804347ed2bfce071431d20195d65c0e86e6b428070ebd36d5133c2d41769f2ec07b54792d57d73c0ed46670561d3b5fad1f7e03b7e35438f0e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5e8937b5f5d5c2cbc6375f91cffde529

SHA1
c9bb535fa093d629b4af10fc609784228bffb53b

SHA256
06b5e227b55c12609e6114e85b9bed4eb42d4bb7cba417d52fe02a70f151d928

SHA512
34f163f65194c59422f6d800518f641682571b203ad464452207bee7e3e5e6f12b0bf264f84986300be7096fb67ec7c72a3fb3d50b32ebb87417ee33db344c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
6aab4802f4f465936cb75681b29a46ce

SHA1
d38f00516a4f17c7d2124306f18254526a7be47d

SHA256
383dcc419ffa7fa39bdb9867a67816a1c5774c795569ec0be88ae189436fb5e2

SHA512
8d92a49f9fd1e4c2271b067fe4f1208600a114971cda86c2ea6e17f02f70e26d7e3e0fd1063a5cb1db65f1c04b6e8706b205f47041700129886dfbb27cce2de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
a1d784b1e7456c02fcaa8a67e3756f5a

SHA1
f04db604efde3c510fcf671df5652f595ca76cd6

SHA256
efa7a128984eb73278d4c15703e61920689bfcf0fe029dc37d5188af3239752e

SHA512
0a30f07eb70a69ed1f0c51be4c2f56f92e372f47399de4b4dd07f51241bf805db6a734664002a670913724ded0d31baa705240267509cd389d236e7b1001f881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cbb7.TMP

Filesize
101KB

MD5
4adf3c46466e6591ee5ac0c66a6dd879

SHA1
cf2ee4966fd8d2c0ba9039866b5d9f3dfd09a3e3

SHA256
0ece882c29a46d374396ef5f304efc2d7f318e4f31a07fa37c2b13c00744e406

SHA512
e0e42e46c7d5957e5ad16dea54f3bd95c7f94d4e811e10eb854d20211956523cebd7d6c5b4b8791fcc646e622a4388e35e4d8e9a264051711d142a6f701a4b37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit