hxxp://emailmarketing[.]locaweb[.]com[.]br

Analysis

max time kernel
74s
max time network
74s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
03/07/2024, 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://emailmarketing.locaweb.com.br

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133644775888440491"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe
Token: SeShutdownPrivilege	4048	chrome.exe
Token: SeCreatePagefilePrivilege	4048	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe
4048	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 4944	4048	chrome.exe	77
PID 4048 wrote to memory of 4944	4048	chrome.exe	77
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4576	4048	chrome.exe	78
PID 4048 wrote to memory of 4896	4048	chrome.exe	79
PID 4048 wrote to memory of 4896	4048	chrome.exe	79
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80
PID 4048 wrote to memory of 3664	4048	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://emailmarketing.locaweb.com.br
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1cc7ab58,0x7ffe1cc7ab68,0x7ffe1cc7ab78
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:2
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4224 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5096 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5084 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3216 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3408 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2000 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5044 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4748 --field-trial-handle=1808,i,15749542833504983996,2845369699048663292,131072 /prefetch:1
  2⤵
  PID:3268

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5a4b43a5-5141-4307-b959-df5f9b4d27ac.tmp

Filesize
129KB

MD5
9fc1fab55cf617f0517546e9eb6a1141

SHA1
2347a85e25aa2446793415e5024b6622e150a4a9

SHA256
ca2ea3d10206f27c10352712f60187fc2ce5511920ed1b4741b674fdc86a1886

SHA512
04adecd4dbf61c69517fe85da046ad1a83511cb3290237f6a38bb5e7b00c49e7e5b68d53a2d267c5d86906457bcee6d95254bdf708cda2f676d2e7a842240411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
99114094e0dd5780aee8f530c312bded

SHA1
0bbdb8bf4b38f23b5b50e8f680046c03540bcce6

SHA256
e6813fa8e9d1eef97ce618bf92175a1d1f1248b9cc91e41febe3b7d7533dccc4

SHA512
3d98bb2c361edf010571ac2d09785377a03da11b1892fc8d18d0b5ad8d24984ba97267fffc3861ae23c5f5064159d81b7e166f95d4e01a176f2317367cfb873d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da449009d849e59bb8ffd9f9e045a0b7

SHA1
f808c6e400a8f81b065b9d9fa9d86c938a995e38

SHA256
0e11fac6b465fc8410bb44d4a53501ced54523943fbb0fb457acac799455e02a

SHA512
883381fd47663e48a1fc5c732b6d48a4c6b33b91ddf06b68aeb35088366d756489c9833ca9e54bae81b98ae5b2a6cd428683faf7d79d9449c2b40e06291209bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e816f94bbfe83fc262a49725e9d53b4e

SHA1
ea59c62f754bc447c5843daf8f943fa83f6ca156

SHA256
ea1ba0e9d9a6df662b188b421695805905ef411a24d81b68c597a5227387bb2c

SHA512
7c8f38ec66b5cd9b7276e478eb80b283e325f765a7d8a3b30c9f44cecc1a8f37c8653507877a823485b947cc26fda044912cb53217217b196da68acf81589b33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
40e81d0399b58487336f23091b658173

SHA1
6e79a3b4de1cb9c392e5949e906cab9f0d8a3087

SHA256
e6c7e7524baee91d451c037b3d25e7dfa9e456581ebbf26ab8c4d455dae90274

SHA512
1fe38a9c8c34774a61189bc5cbf1ecbc43817343a75cf65d1d4f0e220259c015884af08c0afb905d85c5af1551236a9a7eecb5eea2b77f406380d517de6a87da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
309f82cd755caa328a7db6e06200f8d3

SHA1
8db3a0768d44603fe4c45b93c097069211c438f8

SHA256
f1f71f5e4661fc7137e10043784112e187d61f33d9e5e133dd969e9b866c8435

SHA512
522b0589a1c5615c49be8bd05f20855d2b573e544409c0324569197bbe79a72d18930b976e5b757b0bf346e6e521907725956662258a3ca1ff28ede4562712bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb2e0aef381a8985c337ec873c16b030

SHA1
03c2fec8b8703d1d350aa242ab15930b5364ebef

SHA256
e0a8abf12c350a2952bb16339b54afc48424bbcb172ffae6f68c51d00b954d78

SHA512
a7f02b67142d001588cc5c61983942cd478351f559fc38f6a0b9c42d966d6ce0c76a8b9c3436f5de7cde281806a12d8d5218936e6d624cf57c6201a8f30d0075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3abb4bb8777c87812561387e4b3219f5

SHA1
6bd37bce6db8d490c7514a9848b739b0c57bed2b

SHA256
6b486139c77bf02d4065155cf0d260f0239e600587e6da5dedfaea895d25ea05

SHA512
51b6068dff476ba3c79f3bab26cda2d6a2de9491d35b0b5b1c38f472f2fc1459f0ded3096a9555e62b1b2123579b2866f34ff7ca2dd05f765c292208f12688de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
809e27cc0d2f3fe89f26a7e4df2fc831

SHA1
f5b0b86d7b0b426197b84b11f026300da83cbf8c

SHA256
bd91b6bc089b691c639e0f2a02e41cbc433ec06a5e66fccc15b1732fe8059a7b

SHA512
16181265017472dbd907e3f06fe8c41045689f04aaea9d96c178449d7961db297e1fc39498af3e63e1c3b94a697f0a70126858195a39643765f0efc709b68cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5aa73cfd8a0fbc76276e3d590ef46021

SHA1
71362f523999b41d96d4fd2ca603dced29831980

SHA256
fa7b252d3ff558a81d2ae3ef56e01f7325ed1b6f916b6e5c024ea094f8598815

SHA512
4658030a68fa8aa9a086e4be767fe340909e3b9a6e9126f001d8b0083f5d20ecc7f9a243d1bd1f5eb0654a8dd8e9446c937c04861d11607ec4458e041f1c6631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
511acbb226f75216216d4935e470fcb8

SHA1
a5fa1a7e21c02c7cfb1b87af576b25ea7eb56501

SHA256
3924938ecccc2c6b02a241ca8ab0b2fca67569376f62822ddf2fff46913c08f5

SHA512
8b1c80a8ee749fa267fc12b19c4c09c36487856b39aa3d6e812f43c5f4f28fa4cf1657fe10f2576202840076e4b38b5e0887561fb59c321a5c2ceaf07c84766f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
e4d4a7327694098b042e117ddac063cf

SHA1
71984624dba026092f4ae4176326b702bbad88f0

SHA256
aafe2f00c55bbabe8269dbe2e31a804da3b5d9b71de84949c827acca55100f88

SHA512
000acd98b1378311e0420fe7cd9a9431494690edab3bdf0ca7ea34d89f6fbf391b1c56b1870db71bd255249c3162edde0ea5615d0f0b1872f12363e1fa298d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe580683.TMP

Filesize
120B

MD5
d910971102ae695e61302257c4f5493b

SHA1
dd7274cd17c1feeea796a8715da2f3a6bb719ff1

SHA256
d48c9879c4d80285902f5a7c46493f48115be6d7718e1a34611ad797abcc137a

SHA512
f9f777263b4dccaef516764403b6c4de67f47302a1b99b1bffb8c0babe61b8be6e47df3796502a7d2563ff5c7d130bc5c8cd32a491c5fa3f4d4c703b59723b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
b28abcfd9452d8a65ededa8dd601132f

SHA1
f5c30e63e74a806eac0b86f2765a8b1fceb890c1

SHA256
71499c92265349289119b7920f7157f60a26cd57a03646593919bfbac08c86f9

SHA512
a2508822d8a8aa35133218a8780128eec20ded40b4a7fcd2160d565c7f8f5dd1bd1b183f65037c2f77b1b86e13c0c3dff3ebc9318c7ae7f7554b72e3501ba2db

Download Submit