hxxps://skinboutique[.]gt/mi-cuenta/

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
21-05-2024 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://skinboutique.gt/mi-cuenta/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607759627478677"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exemsedge.exechrome.exe

pid process

2028 chrome.exe
2028 chrome.exe
1044 msedge.exe
1044 msedge.exe
1520 chrome.exe
1520 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

2028 chrome.exe
2028 chrome.exe
2028 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe
Token: SeShutdownPrivilege	2028	chrome.exe
Token: SeCreatePagefilePrivilege	2028	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe
2028	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2028 wrote to memory of 412	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 412	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 4296	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1792	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 1792	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe
PID 2028 wrote to memory of 888	2028	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://skinboutique.gt/mi-cuenta/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa299a9758,0x7ffa299a9768,0x7ffa299a9778
2⤵
PID:412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1852,i,1337516265296776051,592179898902394335,131072 /prefetch:2
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1852,i,1337516265296776051,592179898902394335,131072 /prefetch:8
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1852,i,1337516265296776051,592179898902394335,131072 /prefetch:8
2⤵
PID:888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1852,i,1337516265296776051,592179898902394335,131072 /prefetch:1
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1852,i,1337516265296776051,592179898902394335,131072 /prefetch:1
2⤵
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1852,i,1337516265296776051,592179898902394335,131072 /prefetch:8
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5132 --field-trial-handle=1852,i,1337516265296776051,592179898902394335,131072 /prefetch:1
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1852,i,1337516265296776051,592179898902394335,131072 /prefetch:8
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3832 --field-trial-handle=1852,i,1337516265296776051,592179898902394335,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6112 --field-trial-handle=2004,i,3518780201612530827,12523116488201166376,262144 --variations-seed-version /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4308 --field-trial-handle=2004,i,3518780201612530827,12523116488201166376,262144 --variations-seed-version /prefetch:8
1⤵
PID:4900

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\12175192-6373-42b4-a0e6-1c650d3667f3.tmp
Filesize
5KB

MD5
234219024e6f265bf4b8b2e0294f352f

SHA1
3cca0f0f9dc91fef9479692c61165defa243959c

SHA256
12fe989d0bf26bd0b9c1f20bb492b3f6e8a3851cd6476d2b26a7be3386b119a7

SHA512
32eebb3a901442c987d6084cd6f2d6967271a92ca8cd574c073c21cb965c3f5ceaae3c98b2343348fa5a76e87b994fac7321453f34432f9cc148779326d5d4de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
204KB

MD5
41785febb3bce5997812ab812909e7db

SHA1
c2dae6cfbf5e28bb34562db75601fadd1f67eacb

SHA256
696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483

SHA512
b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
21fe437021ba50d8282ebbd5b0d33c51

SHA1
0d488d6d1cb051ce49f570753151016005d443c5

SHA256
9f6383d7144be7e3d329a6a1277a7974aa0ad5c2ef799f85befb5766adfd2080

SHA512
75698f9fddf042e01df8c0f6efedfcc15ecc944bbced639b27817a16cd1386992558729a188287fc2f3e98a4430af5ebc2ca162557b08aea5fdb2293371b85bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
4ecdb506b2f2af89a4d5523fef4962d6

SHA1
997b0f0f9d293aa15bc4c17435f8d82a8a1a76d7

SHA256
1280929a8fdeb13f5c0b80d3f96e02b54642c25af4e05f5d817d3659cbf2e154

SHA512
33896c68416c2a0219315ccd88ee532b49be8cff9a75202e762a37d653de6537758cffd2419ee2e2b2c32cb307f0ed0d4f072d70fcdc35a77bf9d28429d8a498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
986B

MD5
fc27b3185873d14fba2955f61953e835

SHA1
30f5791c4b9ffcb61bf487195175854ece2478b4

SHA256
6996b30a26bfe145ebe64a4b9b6a4712ebb2e72bc088a85f63c3c0890946188c

SHA512
7cc3cca70cfcc335eafffb6f4da6b18a0383fbd951912976f7ea10b8c9ad9ee49ca6cfd8267c5e70f56d35de60ef604deac619941107dba696aa26e9b7f88f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
27be7f77caf5b26a87f40119fc351033

SHA1
c98d7c1d3683bac5b0bec9a4cbd3bf39dbcd221b

SHA256
b64d0d1e0afe9e14532d80de14a90937659ba7a37cca7ce43ec6626dee46333a

SHA512
3f315819b3ea16357b85051a0d7adc1165b6f7bd6c4354fb1d2129b31f813d9226d57a7950fafc832bf7ef33c083cc1832cca83e4b80afa9062ca16f2cef9cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ca128c33ae6ad4261791eb83b0a09d42

SHA1
9769c2f02416afc0ef0765d104c3c2d1ad4367af

SHA256
4e6618ad8e3fda88ff140ce46cba041d2ec32e11184bb5b0d1a68a7479136820

SHA512
c18daf6967adc1266705161bac9c2437f4ead94571330e88322dd70cf257ba413e67af1a1f7eb39fcb98e3c87b6c327476e34c05086414f23a467c4648a8cf56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
4145d0c8df7df14c43a81bb7ca5201aa

SHA1
5b7f82002ea61b671bfd40521e84645454ff4356

SHA256
4a31430d53e8effef6ec61f64d8cd383d119655d3f50cb23b8a29afcd64836ff

SHA512
e841573d9d3563859672773703dd5e0098bc3e889bd2c3ddff0b48ff07f2238158dd3599abd0594e0c253a33aa88a2d5fc537b8ed5214e95c18f2da08c565af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
cab45086726ae2cf4a36d2d7368f774f

SHA1
80baf5778398fee3a9bcea8bf913da2d5f2a4529

SHA256
dfcdf14f54cdd0b5849f16007f9061c2dab34e72e6bbbf12399096f459373659

SHA512
e668707de4a70f63bc6d67750e552edcd3617f8ed8ec205ea83773a2f72e22a488669d8f50c08a037a80a1601ac2db5588a9a81f3b426de0adcf5cf9a235708f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2028_WNIJSYYSTBPHZOYL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit