hxxp://wbxxa[.]apartamentosreservadelmar[.]com/4TZayp13716yxbI1139eowthuptau14320UKONYOFEZJWSDMI4297JXCF16690J17

Analysis

max time kernel
207s
max time network
209s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23/07/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://wbxxa.apartamentosreservadelmar.com/4TZayp13716yxbI1139eowthuptau14320UKONYOFEZJWSDMI4297JXCF16690J17

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662084865491732"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
1684	chrome.exe
1684	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe
Token: SeShutdownPrivilege	4900	chrome.exe
Token: SeCreatePagefilePrivilege	4900	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe
4900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4396	4900	chrome.exe	73
PID 4900 wrote to memory of 4396	4900	chrome.exe	73
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 864	4900	chrome.exe	75
PID 4900 wrote to memory of 4612	4900	chrome.exe	76
PID 4900 wrote to memory of 4612	4900	chrome.exe	76
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77
PID 4900 wrote to memory of 196	4900	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://wbxxa.apartamentosreservadelmar.com/4TZayp13716yxbI1139eowthuptau14320UKONYOFEZJWSDMI4297JXCF16690J17
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc82a39758,0x7ffc82a39768,0x7ffc82a39778
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:2
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2636 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2644 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4608 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5144 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4440 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5656 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 --field-trial-handle=1852,i,16079338968696598978,17916584506621944701,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
09cf75f7f65b60ddeccc1a03dc506f5c

SHA1
5555567ec56f13ae938657ea511e8ac7c6ac9feb

SHA256
364e3574036d2d9db8ef2d8e65e3f4ef1ce65c1743af5c7ab4d9a7f3dddc2d7b

SHA512
e6ab9e2966c2e706f4ee24fd3239da5eeb491e37e7e59a6bcae3970f80234656872d9f93caca5940be5f557b05fee0fd502b55bbd804fee30678a7e77502f916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
717561f022ad476bea0093486420607c

SHA1
8dc33a4403c8641bc588f519bd39f9590bd01524

SHA256
b3c4320d638a05c41e8f15561705eba80eade5320b92e16910376183ff8c65ee

SHA512
85d39e87b9b94a796f236ca2a96b48b06af970b8554d692433dcbd85e28e3e22bbabb6d4562c606bfb1ae5d3bb36c0c3d69bce804b764d80ad02127d66616bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a8bab2091946b5a64c7afadcbaf8ad9c

SHA1
06b468642d8e4e68230d0732030ae79937bec31a

SHA256
3270ea029eae65857d8a77bed72def433080cfed54d897fa1bb08b99b62fac54

SHA512
004ed338b9b219ebee6c33c15fc7e942b64314022c1f1603089d6f9b07e6f7212cdf3a1cf044c127c62751fa7c57f546dfe983f753aa8335a16d735651f7959b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
734084a41a1f46a46fa5f6fc33de2117

SHA1
51d22daff11fb138ab52330425c92d9fdbc7be90

SHA256
9e620bf5e3dafbf61c6683d727b177592ab75e89a7d99101ca851faa8fef4025

SHA512
75cb17dafa451e3e33ddaf0f58fc054e3ba70907ec44f9249d5af26b3070a4be35edaf3f0e15b80d42879c7caa2b47c906f0c39bdcd406892abb99bc45cb04bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b217af869388813b7d7c993f87a2d17

SHA1
3930ac222948d649032b20a400c9965cea55738b

SHA256
ffdc6aa57ab243b5e45d2af2c13c66d18f6bc240565e02f4e46afbff68968015

SHA512
f6d0bed075d511427bf6251dff1f7874255dad7f3ee06c769e3324f309472db99a0b3cbad90130b5e974b5470e93745ee6266eeac3b3d376ce8e9211d3e87ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce0a2096d4aeebe832f78137f2879e19

SHA1
696d35202521de2fa11b0faf9889e26030a4c130

SHA256
451ecc6881b448de9f8212fcde02e6a9cfdc1e7b1b006791d4c13e1cf8846cd1

SHA512
c15da7d531984dcdce5063b30f370a358a24b1d8f5b5fc6415f205014722fb097742be35e8f9ac626294399d62fcb416c1fc62e415e1d0a644029ac5f4320596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9aa62d597a359e1ccad99214c8ddc2e8

SHA1
cfd08121ea2fff98f554ebe9a138088a4be4035c

SHA256
a0abf707dea5d8cd5111c173888b278623c05801f583a7426ed992c7f8b91afc

SHA512
71de6224a8bf3c194bc2ac379c485ecc2d7bf921fd82ad3b026b0bf686c40f3bfc2deb7a251f14f69fcf2563bcc317022bc6bae8adf94bd2c2837c33e1479ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
77a1ab2ce5ac7fd6f2c1ceb38dba6076

SHA1
71ca8b33560ea29ab0f37eb8b35b40c8b31780d4

SHA256
11615491c762ec120f7be9da27e154839fd36f9a0b1714c8a55dff8f225abb86

SHA512
9db75a4e54999e98ac7fee530851f1e63b7c21efd6423ea548074458f26143a828874ecf8125a9f03e2d645b951a60f12e7977d78211ca858240a327ee3c743d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82ab41702c2e79facebbbc6bc269ef53

SHA1
f31a2b5648713c38a99df5ac8b5fb9acbb38572e

SHA256
7eadae0fe55a63480dbe18e6e842b89391a95688ccc6555ccd530a12e73901d3

SHA512
b1fe9cbad344b0f673ea312a06ac250584738bf71a953b3517df25c9251f17e8002cd597966b3f3786080f67e832c602f0661f6c3b9b0ba147caca98f0e13eb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
55484dbc99fb54edb41822cff888ad39

SHA1
7fe90787f63c3c4245a53c2f24f442146ee9aa76

SHA256
7fd55e178049155df38f3b978505c1ad75ea5b04a617f5d99cdf619996fbd492

SHA512
642f0d69aeab5055f2fd609ebad64eee361ba15a122a9f5900b352e99885cc5af8e5cf22f6033e742e4b1396bd6ff84083f7a9ccb93f3a75072fd672294c0825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e0e891738760fd9f3100ea52cd17a698

SHA1
e7e461bf1eb1bd0ee46594e916f2572f029a1147

SHA256
463ca77a064db055c0e1aed8d4b02d6ed31a902bc02480e3dd29b04fdffc0b76

SHA512
85b7230e0087cbf53d9b6d2adf1c5834595b4a13a9c5f95b2a04f407774e61fd3cc14df9121b40f869df702c886a0546f632fa1275f83527bdf86fe4c3f030fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
2873fd0c056f33d5bad05d329b59822b

SHA1
9565ff66c7968928a9da489a42f17670d5f1b7a8

SHA256
d754d1e3f543ed68312d986e02bf3286ab0a7efabd3de42abb56d1c9cebbb25f

SHA512
fa1f264427e996592c237b80a1495982df48972ec0ccbfe8dbad0758fb8982a3aa3c244cdfb2b48d5466e051d015376d94b4dc4449ca63a0c9a146c80abfd592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d2c1.TMP

Filesize
48B

MD5
197eadf36acce4ed5b8ba34dc80c4dda

SHA1
7618289e587f4f0dc789d478a6dfe3d015adecd7

SHA256
7492025de7594c3da16d7b7ef4d6e48e64b5db7107fd12e4295db13d0d4f71b9

SHA512
a38747a38e748145773fce5155bbb4170697f4ab015210ff99fd5cc81cb784ed1dbea5e3a113e3b2ccacbe0e95ccfce922bf92434e0ff348a529609266197f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
e3cc16078c1daa6ae70ebcddc6f4972f

SHA1
2555c7e91d087291abf8dfdd65ad2561fa3fee54

SHA256
2d44d43a96ad0155ed89e297875282ffd083f6320a03144cf48f5b1ea06fecb3

SHA512
eb9601bd49aeeb2e65ba304b398df5e74573b60a2b4080f201ef36d5f7eb4b540659824ef9e38374cdaad65bf9f58aee54fac88d4d416f243bc4df423de280e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
cb9ecfb070b97077297dc4de00d304cb

SHA1
d9111d02b539f4c6574d7e63c32931885e2eb3d8

SHA256
d995ef6a2b87c873c8253cd8729a5e5644fcae875a01f10e129b687051599d83

SHA512
6ff11a14c735854578172afef8186d1d770fde940ab6f90bb8344d2a470e4846e7c964bc62f8e8f6aee450806e79fc67a26a101f46989de7cac94312965d7db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
52396214fcd80cd4664ceea85f4c19fa

SHA1
47443fc085f95b474bb65601cdc773d8cac8a990

SHA256
9ed9e34b1e1bc2dec8c381c33263c954579bef7f18c5b9e63c50f509dc143a50

SHA512
2a7eb21a6297ffea44e060e84c4d8b245a5f2fd9d726de0b8777cf69c0b324d6b30451155d659bc1659dc07969dddb0e6517150d383ce764a677d2024d3a04cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
27e10ce3daab21abff6776a9e8c31cb1

SHA1
8af0edb025b006564a545bbcc92db04b2d8fefca

SHA256
ff7f492a91db42e4e3422c583c63f7ccbe6a6b78d05b1e855c6fb33848994470

SHA512
d9b8d76cff1f5fbd88142cebcdb59a9079be98d759995062eda3e3cde505179b14b30d19d2832298568acde2a21a6f1894829695479e961e133fa56556ffeab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
28a9404ff51fe8eff5e40103e42f63de

SHA1
75ca65a9ba0fbb30fdb3d5e55a9fc9f20efd795e

SHA256
6bc9f6a052b82f1ef6bff4ba0f97fbe4470192637e94056972f42f8de1b583de

SHA512
072f02d4d64f4d79a89030661676f270cdc05773e8bc36ce04fc03121aee95e508a2ff16378c970c61cffda6ac9cebd20a8a24684ff3bb26d26a355abe4e80c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58337f.TMP

Filesize
98KB

MD5
6325a814852e648c1b8779cd0c6a282f

SHA1
f118aba6e5809403176bf8999bf76229c2ee806c

SHA256
b6261cc0dec757dce60684159fb2629cc9c267569b5b87cab3f93d44dbbfc8d7

SHA512
af416d15bc37b40c5dc323571322c1636e297195228e26fdc50ffc93c9ec1eaa7ead1be43a69452886a7ce1b6a31f750eab39358124378691d37af8b22e97268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit