hxxp://cms[.]integreat-app[.]de/wp-json/extensions/v3/sites/marburg-biedenkopf/

Analysis

max time kernel
195s
max time network
295s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cms.integreat-app.de/wp-json/extensions/v3/sites/marburg-biedenkopf/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe
Token: SeShutdownPrivilege	1464	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe
1464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 2816	1464	chrome.exe	28
PID 1464 wrote to memory of 2816	1464	chrome.exe	28
PID 1464 wrote to memory of 2816	1464	chrome.exe	28
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2656	1464	chrome.exe	30
PID 1464 wrote to memory of 2552	1464	chrome.exe	31
PID 1464 wrote to memory of 2552	1464	chrome.exe	31
PID 1464 wrote to memory of 2552	1464	chrome.exe	31
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32
PID 1464 wrote to memory of 2284	1464	chrome.exe	32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://cms.integreat-app.de/wp-json/extensions/v3/sites/marburg-biedenkopf/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c49758,0x7fef6c49768,0x7fef6c49778
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2192 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2240 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:2
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3460 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3244 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2724 --field-trial-handle=1220,i,10081730383912620988,5054411159390495581,131072 /prefetch:1
  2⤵
  PID:1508

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80bbb0353d16094d0bbaca3364474035

SHA1
ef26bf523a300d6fbf9567140045d59d005b6d7b

SHA256
7e3ddf07019256429a9331132b14c5daac1c9035436efd81c9ec3c2ded446ca1

SHA512
6f1f7b9acea8d108ff55835d7899c071e1cd17bc8f8623121622b799c08d27ebcb3f11a7baa7ba6898d901449dbfda80cad5e166f28fb742895a7da88ecbcd39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6c373da5-1382-4bd9-bf04-3816c3b6f3a2.tmp

Filesize
8KB

MD5
88a9da318e3be24f51164d8eaef0ccee

SHA1
65b4de594fa8305cc7b3bdde590ba79339aefdb4

SHA256
db49d2a703d095b7561c5b13f83622ce3a8943472c7d664ba50e079af7064cf2

SHA512
c442191e58b49d7cba880091b18de460b398cbac11252bbf89be1c7aa5edbcba8a341a77cd5fdcb81f3d9c5af0e752d82fad088449e7d755dc8cf0f8404d4510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
53b7b3fa74bd43da8d83be550519b0fd

SHA1
bd5fa723a2fbb15ef239be3b9eabf2e603fd497f

SHA256
84b6a9ef9caf00ead2d942e21f31b6cbe6484ab6fff43d6c7201fef0798e1fdb

SHA512
1bd410e5555b2731a4caebd2f992321f6c6111c6a49a7aeef81789d02df7422e841a5e397ee3670ed535509ce9f4241630a9ffd8c2c23b9e659c6ffba128e538

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
82a4d330877e7820065f44efe1902db2

SHA1
e39bc960baa7bd6ac1397bfe1e1afb40d1f95931

SHA256
5e35e366ea7b06ac38a52b1aa6b35aa468cee9cc69a8c6da2555c7b08117156d

SHA512
dde810eb2b7e994abb18afa84998c2a4737cdcbed9b3127c3ca20907fb4988cd577172896563b75dca522b3a83215c656bf1e875b886656540341e2267ce1af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
dc6e6d0e834734c8e29b45006c822e1e

SHA1
a5fbdab16a4f934e90cb99d920a5a87a33059d31

SHA256
733b85ca6fe814813e276b8a94aa83af9bf68fdc23385cec0430212696765836

SHA512
2fc510494991eae011176701e5f9dd60cb2cbb4cf5bf2a90d03df9fb1c8be156315bb15afc83ecd30d264b84493ae8ca104f822ae1b0e19a020d70849040c4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
d751938a4824874c6d7e71df88cc2195

SHA1
8df5625fa2540e49763a9f27c4eb09d54476a44e

SHA256
da43971589a2922a11954c7b5a541915545c3d702543f3c3cf54946ab76902fc

SHA512
e6a1a1e27ebeab2c6e6b32b7423263bffe08c910e26381bd9374f182419d49775aa70e4ae996e6d4b0c43df9bf94036cf920c25f1ba8d00e61a4f04e2bc33905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
7663b35107e60118418ef23ab4c677dd

SHA1
b37a90c00ccdba2942505dcbe20575b9fbcd574a

SHA256
ad3453420660d190772d9e84034ddef27d52292d791cab441977be9ef8942670

SHA512
cb17aff71abc255862660948ce7245986a0254a47074033f6640dd691a16d6467d0a0e9ea2febcb2f948eee518fe9443ef6b6a189fa5bb63d483dc5377d20c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e7d821f5efdcd6c59bf279e9dd0e7d14

SHA1
320a41d32b3c4957e0608b66bf0d3a4e6b00f34d

SHA256
068bfb841ec80831de58030a45b7f4fde2c54a26473a3e978f3bcfb92725736d

SHA512
c037bb7adcfd3089a5d3d2109046b9770c40dcaaa4442b5274801e6965f860287a2b86a6e58c2ad874636c4b82b90da300116a74e66d2212066c2f469dcb6c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3f1c8fe8e11745284f8d630cc4580a5a

SHA1
00eff1de54fd4313449d94d1a795c80097566086

SHA256
8c6434a388964f7b12dd75ea3909792061c3a82390a0b15a0308a1b63e201fdc

SHA512
4a783047508cd3b643bd0706667d21d73674d5136495b5bc5a33c49621d27a2e47e80903904c4c0d48da5d255ade4ca3a56d97bf30481c8cac2d72b2e1624268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
756ff5d05dc95bba9200d591f38306fe

SHA1
b4ec5a01e3d5ea001e2724e311dfc45df6520142

SHA256
1a5cd3a6c5870c081d53851d034992b0b6c3e63b09ba65996864fbb45cc876bf

SHA512
50fdbb233e06ab8a9ba3218b1ee7547eaebc24c0b80f170639ace04d9084e50a9dcf576edae9975faa49d37383a19c2045e78da5b3a932f2ff3df49320d3e399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
706368e6019d227592946efd3e2cdd59

SHA1
fa23c71816fbdf921f32a63c709c8f96e023ed09

SHA256
72df234d5b4758bec54b7a7d422f46dfde5ca40c461c9b9c6d91aab84bbfd6ef

SHA512
ef58b0d03b2295ee9b95386560c1c17b16e6cd02367d5763dfc68e2b7b1cfa3a23f60499b432c9356e183c0d5db398302fda6a042312f3f2e5d250ab6f7c21a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3B0F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4811.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit