hxxp://aplicativos-test[.]bancodecorrientes[.]com[.]ar

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://aplicativos-test.bancodecorrientes.com.ar

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585169700352180"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1620	chrome.exe
1620	chrome.exe
4352	chrome.exe
4352	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1740	1620	chrome.exe	86
PID 1620 wrote to memory of 1740	1620	chrome.exe	86
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 3280	1620	chrome.exe	87
PID 1620 wrote to memory of 2600	1620	chrome.exe	88
PID 1620 wrote to memory of 2600	1620	chrome.exe	88
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89
PID 1620 wrote to memory of 1772	1620	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://aplicativos-test.bancodecorrientes.com.ar
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb12bbab58,0x7ffb12bbab68,0x7ffb12bbab78
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=280 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:2
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4528 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4740 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4164 --field-trial-handle=1776,i,5273027062551264747,6212122665422656085,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4352

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
9c829452bd0d4ea4a542459ca9701281

SHA1
861665920642f693a0b9015492e085340094b5fa

SHA256
ab3cb532a2216d3bef3e0d89003c3db7420f08ba954ee76cda290fe2508e07a2

SHA512
1b8fcdaf8011155cfaa042cbff891c5feac4d059598dbc2deb97c5f41fd42d68b4570e38d3cb80f14affb80c972bbdc225e50d886575d056001f6bc30c662375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
672a3641a798c494a3e85b2636d9a728

SHA1
f43c895c9009d0d558733d5dfb171154dd5152cc

SHA256
cde784e0350eb621c875ad2c78461f17433cf3241a24e94b0501936d507557cb

SHA512
8718ed554f1f41541f5fc9d2d0806d2657b82ddb1e3900f6af71595055655096cfc3c4f60eed2e26b67688d7db19eee9b06230f82c9de35c1e2a644fb2138ac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e45744e5c362927c181d3ef5fca53753

SHA1
4bd6b09da0b6c7602baa99365a961d7d96005ddf

SHA256
6d3a153a1caf068dd5862ca1825062bb8bae4dca62d79913cbe003724bcd99c9

SHA512
b8bf9573b82918d711a5d355394aa9d884797f9ff57ce4103df2d336da96ecd88f69a8bf3d4280758529667d95cf83e495cd7995f3e416b4ed43ca90ed19e0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
37b4608119da770597791afa0ed56025

SHA1
177d5ccae41aa67bd9da8bfdc526de1c51afc222

SHA256
d11be1b38d9c76a90fde53c706ca5ad533eccda675a63e7c1f186ceebe888af9

SHA512
ad0ed1ade17d743338684ff696e28f8ea02f610c954ae230c4c4ffc7d77ee502a71ecea2669f8439837e691efdfcac486e75e7e69e4f67f7bef8b4849d3ebc8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
df47eaac71b3503813eccd236b927060

SHA1
2fcb479794363319988880895da4fb3132744f10

SHA256
f05c68221319d648187b0f38d6935893650b5f478409886f1a4d87e4d7d7aafa

SHA512
4dfe7a5d80d105408c584a97bf66e8fe81e3395a3fe60f0e765377e6fb1ff9ec5651355917d1331abfd27d2f5d7645c0b252d894771196ea5ec4ad612129e5a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0adf249a2ad2f4cb6e18e23aac9914df

SHA1
6ea6c75200b40ba92e30f1a8a5aedbac65b1a84f

SHA256
41b2598bd784c0b2086e64f373f367f0d761c456b7a8ea60756567b98a7f6609

SHA512
370885329c7263cd8d65dd5087396d3e72ef92b0dac5874da6878cd958d6791b4166c21c9b06ee5986ca586b673144c2387c406555b5155f1f0f2665e29a1b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d19e7bb019501674512677752fac75f0

SHA1
33412b3b81916250d9437642ac9ac9ba786782c6

SHA256
a7ff68cdd604d056b0cb4f56a54f66640e331a94b05f4e4359ec7b81485806d9

SHA512
788ebf048eed4361c11d2af5def760534e7266861737617f4878cc01b9c9438ecbfe80d57a097d39771112a0d99597258e156669663e6808e0d6f1cc21e479ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0fc2d096e433723c8c47c26bc2eded8c

SHA1
cd4bbeb36adb2f70329c6d6ed2423915a49078cd

SHA256
e5c87b636b80395ae42b374610e5b50411ffe90f9d853b4c86c99abe21d3dacb

SHA512
528bb3459c3be6398a28b3de13a464cf7a7128d262864c8482245d8e40cc8ba663d1e5f7e26b4898363cb23ba357369fff145dbcb9e23770f42ed46793bef323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
35a363a6f64566c5e63857d232d76542

SHA1
202d790c3c06ebafdd0676c538461a033a8ec67f

SHA256
de1fb2ab00fa635c3d76127e9b681b92a2c7b1b217ec023e5273a9b8f56c2d1c

SHA512
1be24945e7f63cb5f3f4fed43228ba9fec2bcdd87df0492f3b17a3aac6559dcf1dbb9557ea17a508b9909c8bf1c8ebe12cb9103334d4c949456df3354042764b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2cea7db17280c843eeca9b73a35b3385

SHA1
4eed9d457613e3a7bc01eaea1181d78c7ebeaa64

SHA256
133f7aad599badec39324a3d5c83935c6fdfa3e0fe7dd3ce9d86c846171bbf3f

SHA512
95bf71c2f4489cd9c63b4f8c38049f046604eab0cb29ba96cb0375b5ba24d91890e638fde8485c1d6807a5373abbf649f5913288e847077b33b84ffb467116a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
04bf3b6054c6cd701b52c449398142ee

SHA1
ed0528b888c4233488171baa3df58ddcfa5a2457

SHA256
11adc767d66982e7c6fbe6382a59597f7bd60482d253c9faf88bdbbe0c218faf

SHA512
f7915861a2a3a0f63edbd16b356809c7190f331cc07657b72bd1e3381a7f431584969a46568a537b1cf1e87428e7412a83109324d5e4647e45df5b25f4b1033f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
260b97116537e18eebf544cf355f7d63

SHA1
740fed43d8e5cf2ce293b87a9e4705fda9662125

SHA256
550a6f05bc1f29b38c381545a60537d812995afa11bce92348af37c914c3803b

SHA512
fb0fb2b399a3d404cf9007cc147da3c47ad4c72f61ad72cd90f403e23e391f05be4cf78bd9d1e153a89613ac97a5676fe439470d529496f6eefa2beaefd49200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
aa126e815dd6a4fa058e86864e9953ee

SHA1
0d65adf26723792bb6799d185fa048e655cbd4d0

SHA256
337029c6c8288f665185477356c24c3e24b63cea362943810f318d407cde4dce

SHA512
35c790b4b70802a835b742bb0020ce0105a6e1de50badf8c4472395be44bfa5ca4e712e6fe09314709014e3e975982289130b05a295c5dd71113da72830c0451

Download Submit