hxxps://WTmrVfzBEi[.]esmeriocontabilidade[.]com[.]br/Golf/future[.]com/5MTE0XyUvddHaCu5rQ21ZpgdMMqDVaFyCyeBzYy3YKiKgHKLLWq8pXY9KiAVYP2BTqwZ9gFjZfUghzQcC9kyB1gfJmu2ebUNmRjGCzJ4RwcxVJWJH9pv78uuEjWKhL0iAz9Mdy7JQaLNFi8EE9y6Na3FjPUp0f1WwxQrJSD9xGypM2nuJy2GKkVGCcLwESgp7y7in7tvLSFZgMKGpr3cN35mAJQhiWpNZngRx-YmFua3J1cHRjeS5hbXN0ZXJkYW1AZGVudG9ucy5jb20=

Resubmissions

31/05/2024, 20:23

240531-y6d54sca3z 6

31/05/2024, 18:10

240531-wsfexagb5x 1

31/05/2024, 17:57

240531-wjlwbsfg8v 6

Analysis

max time kernel
599s
max time network
488s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 20:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://WTmrVfzBEi.esmeriocontabilidade.com.br/Golf/future.com/5MTE0XyUvddHaCu5rQ21ZpgdMMqDVaFyCyeBzYy3YKiKgHKLLWq8pXY9KiAVYP2BTqwZ9gFjZfUghzQcC9kyB1gfJmu2ebUNmRjGCzJ4RwcxVJWJH9pv78uuEjWKhL0iAz9Mdy7JQaLNFi8EE9y6Na3FjPUp0f1WwxQrJSD9xGypM2nuJy2GKkVGCcLwESgp7y7in7tvLSFZgMKGpr3cN35mAJQhiWpNZngRx-YmFua3J1cHRjeS5hbXN0ZXJkYW1AZGVudG9ucy5jb20=

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
46	cloudflare-ipfs.com
47	cloudflare-ipfs.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133616606835307034"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3440	chrome.exe
3440	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe
Token: SeShutdownPrivilege	3440	chrome.exe
Token: SeCreatePagefilePrivilege	3440	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 4188	3440	chrome.exe	85
PID 3440 wrote to memory of 4188	3440	chrome.exe	85
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 1548	3440	chrome.exe	86
PID 3440 wrote to memory of 4460	3440	chrome.exe	87
PID 3440 wrote to memory of 4460	3440	chrome.exe	87
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88
PID 3440 wrote to memory of 2460	3440	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://WTmrVfzBEi.esmeriocontabilidade.com.br/Golf/future.com/5MTE0XyUvddHaCu5rQ21ZpgdMMqDVaFyCyeBzYy3YKiKgHKLLWq8pXY9KiAVYP2BTqwZ9gFjZfUghzQcC9kyB1gfJmu2ebUNmRjGCzJ4RwcxVJWJH9pv78uuEjWKhL0iAz9Mdy7JQaLNFi8EE9y6Na3FjPUp0f1WwxQrJSD9xGypM2nuJy2GKkVGCcLwESgp7y7in7tvLSFZgMKGpr3cN35mAJQhiWpNZngRx-YmFua3J1cHRjeS5hbXN0ZXJkYW1AZGVudG9ucy5jb20=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e2ab58,0x7fff76e2ab68,0x7fff76e2ab78
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1904,i,9643643102199596159,12107739382170568304,131072 /prefetch:2
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1904,i,9643643102199596159,12107739382170568304,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1904,i,9643643102199596159,12107739382170568304,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1904,i,9643643102199596159,12107739382170568304,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1904,i,9643643102199596159,12107739382170568304,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1904,i,9643643102199596159,12107739382170568304,131072 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1904,i,9643643102199596159,12107739382170568304,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4500 --field-trial-handle=1904,i,9643643102199596159,12107739382170568304,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1904,i,9643643102199596159,12107739382170568304,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
50427c0f4911ac97e5232448ea3e2993

SHA1
733ed292cd40751fb7c87281f5af2f7fc47a146d

SHA256
ac976a9eff757e5d1491748d366d3d1fe2104f1664f6a7fe99712230fe8ee70b

SHA512
bdad4f1cc543901381886e9bf3e9ae54492107625ce52e5549075905aa005d02db9a97cca2f400d564c875ccf84b0047ef2f9cd10522bcbe7ea0b876b1e31014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
181e30b9c48f5369f5936bc8948fe8f1

SHA1
f7c0064cfc83340387e3566835eb0d692e406539

SHA256
1f1ddbb17b5d93be57d0bd43ebc2e94687c994bd10ef34b82ebf0526d69999ef

SHA512
a05100b7d2abb09d7850f0fbf254bae36e62dca3d6022a43b3b7fe62a1c2cce7fb4963e737f070cacb7daf8935964826de95477f93940329a38d5ead764a59d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9aef339430ce13a6458ce175b94af4ba

SHA1
5097dac353cbaa0087175de18b51909c6cfb0532

SHA256
7ad0bb972ee9857d849af42878724c46f36206976af3e5b8b2361de2be9d90dc

SHA512
7b28e14ca11ce313c8057412aada5fe40f4a6d4e54db613f0c0a605b6f59998e685eeced94b21c4f8eb160862d5cdbc55042afe52da79ff53081c9701bb949d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
96c9ac0df98aa3be5b2c88c90d43ca66

SHA1
1a97b9a0c62468ce64ec16824a00cedd1ee8d168

SHA256
069d5aca2c2cab7033015c001dcc9eba60cf4964646510aa32811e43b22d6bcd

SHA512
435fa94b075bba8d39c285544638ad641bc10c6b3e11c3885fe14df8110b2a49db6882b53c0d3d9d0a041c9eae742c033a19afd95bbae934881b1525444153c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
699b65825e5b1b5ef65434cb23c3216c

SHA1
a0a67c591afc46b2e3d0784d7bf39db21db26024

SHA256
b8ebe8e7d89a20add596f077d2632b0cfc932dd34c72f3843b3f103e575eb765

SHA512
39d175ad98a04bde16f0dc9f100ba88b485c71d986e42d3b7dcf32572cc94071f7b2e1736d88ea35c857c5c01ec29bc405f5f54d1ceb713a43cf2d52cc900ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
ad50b1df25426f24f02f6b1953fa59b8

SHA1
6921552daa0feaa1f20f0fcbc58d1af7c7c0c72e

SHA256
a6fab7071282896e315f700447648722d1161de2a01f9cf5f7273aa507437a80

SHA512
d7cb5c48d384a551c5375865109393a7a9ea6b6210aaa77fcec11586407a1e774b902537a78e1d09aae548379dd42bf47f40e396125ba5ec74225333d3961212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
dfbb9b780f248f79e2cc3c6df5d3ba31

SHA1
45e29c4de523eefa4e865b543d72942ccf5ec8f4

SHA256
520912d074b0f98859511b4dba5bd431aa4f7d8807bece92e45cb87999ac3566

SHA512
781d0ccc4f01a81f0543389f79d4ac908ae9c4fffcc253f99160136ad30f5e3caadc4e908be14edaabaaab09ef001414080e072ee08f5aea20ff81cf6674cf18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
482b9df1c0fc9d5b80e76eca4a2051de

SHA1
7eaf7026b5d0a337ed2138975313e27e523a3f5c

SHA256
f72d8cdffb7c2c4a7027790664e8133e40280a90677a26cb9426c9b65eeaa3af

SHA512
bfc135ddb6fc1c7afb42b8049ab00eadfa9789b016b7565f7eb09924b2458465a5d0cf8f15272d4c759452a020d1792854c7c77228b5b57d968027b3bc8308ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
044f7448eb5736f65219f0dae67d09ee

SHA1
1b0fad8697f67945eb2080dcdd3bf687c9cba740

SHA256
64ec6bc91775e75cbb1dec7ee2d2fcd588fe71aa5663f5905fa940352f7f59d4

SHA512
80c56575e13929098194034b8e17431613f09a8fafbbd7284ad1f47e93f81eebd37783e98480773811440deb542d293e08378db430f87de6566619bebc4c766d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
a770a4f29225c39bff7aacd1535351ca

SHA1
7037d5a3e3c83cad8b9e02d1d71c6742d3face75

SHA256
8d86b48b94b05546b1c65faabf66cb0a7ebf5ed7520cb3ad4764c26c59dd6a5f

SHA512
78951e5f1696c80acf52334b3a874ec8a5fcf44d21b9e5496c947a466d8a1d922839758408d1935c7635fd990cad3b6c50c43f33adbe4bb9e5d8803bd95a9cf0

Download Submit