hxxp://amp/areaazul[.]com[.]mx/[.]rice/

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 12:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://amp/areaazul.com.mx/.rice/

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699283846103714"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe
Token: SeShutdownPrivilege	2124	chrome.exe
Token: SeCreatePagefilePrivilege	2124	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe
2124	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 4968	2124	chrome.exe	83
PID 2124 wrote to memory of 4968	2124	chrome.exe	83
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 5116	2124	chrome.exe	84
PID 2124 wrote to memory of 4760	2124	chrome.exe	85
PID 2124 wrote to memory of 4760	2124	chrome.exe	85
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86
PID 2124 wrote to memory of 932	2124	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://amp/areaazul.com.mx/.rice/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff0dc3cc40,0x7fff0dc3cc4c,0x7fff0dc3cc58
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1752,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1980 /prefetch:3
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3304,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4644,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4932,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4984,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3088,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3156,i,5869861742798628218,17030633488048088117,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3432

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dfacee0c676ad9f8f9ec7db92ae6b5e3

SHA1
190a4462ecfa02164d6df9e361aae1ba9ec9d151

SHA256
f631b21d64c0e08296f255727c3e73e6d41c689b730d7dc5b5b4dfe224c242bc

SHA512
067668b30ddba9857d49bcf01f2791fe297fd7ae52c1db6f8ee598d31b58f07c6046df4671aff644cea89dd46b39150ce91980ec20ea8b451d8ca9ca4e8870ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ab6876352295dd5c8f5e7e23630967d4

SHA1
957ec8df7820e9bd5d4fec2ab76c0bc55b869f1e

SHA256
c44c326de4c75fa932801f6d3f7c6aeb45c48dcaeca4144d84e92ea1345a34f9

SHA512
53e975725bc3ec53474e0871127272ea0d258f397283cedf23121a55d211e28f9294000527f9b800d0d3163c12d355900bc94d0bda8772fda9f17675df95bed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7838da24e20b2aa4e3fc06a9bcc3f52a

SHA1
4f68624ac2c466bec3fd062527f580fca439f280

SHA256
1fc44f32cf3a2806837ca5e3af46845ecf5b58523c8e8027e6f9b31a4e50e032

SHA512
34519e1f32799ccf7fac3347a27d55c43d5a50672d222fd1d0b2bcfc6e16e2887a2b51f02a178fb64e8553d81575967a240e4be38bcb808d63fbee59778a78a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b0f054986620459d6bfe355fb57c516b

SHA1
4af1b64a9a4379aa2b2565b659104d4a82d454d0

SHA256
55123d932467dcdce3f656de912236038c0ca24c55a1a99829f2c12675a82bfa

SHA512
37b5199fce8325a3c2f7e3628426644e621ab295004cd6c301b43f03bd4764bf3c002f702eaa2b3bec729b66220435a33ddca3848230045813a9500383bc99a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
110b5ea81628d63db1d00d1267a7a957

SHA1
6bcc41bd1535f0852e2353edce71ff386505c551

SHA256
e7419e5eddea07f90c3aa4063b323c6cd604c60c9ead80cd4e521564f4d24755

SHA512
59da7fbe642f8b8e91b37bd455c52577dfacb360dbbc578f890a0f0f655839001f83f756ba9be09d62255cd3e82f77b0a0b41f37abbe122d5ee5ab54b0865b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bcfe00746cdb31333f9e8ba27cbbc43b

SHA1
5894a74ccfc63d010e5206016387e98404ffb669

SHA256
17439c98829a67383cb3ea8289b460e0154a69fe364f7e17e53a81df1f26b7e7

SHA512
b4322f2bc2bf8ade049f8a638eb0eac32473325e4184f34e7e40457a2b09805bf5af6a4aab773236f7b95e8eb4e365ab4f559ce802ea4b9abd104cf139cf3834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d3a649112bf9f9cf79139c7e80be451

SHA1
dd91f1b4fce2a37ff93f9deb44df44362c3eb7fa

SHA256
609d2c8cc9086d813ac2079a8da2aa894671f253537ee9da68d60291aacd4d6a

SHA512
89d111cc87052d50ea337784810125c0b3c48d1b8ad82b2cd122f8c82bf04db08978485470c6eda2377afc7dd29c8a8f79f6397da4aefa3723e02c6dbbbbcf1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e21525d756fb80915dcac310c050599

SHA1
7b6d156079a539a521cfed4c9c19c57ec0d5975e

SHA256
5b301db71358435aafa806293a5e3327646b986337829b3bd3a18d26d5d027cf

SHA512
3be3ad8a85433a876a31f1e2793f93ac65ea9ce1a2985f6e96183315124b24d5b297b965f7cc98c8c585d1d1152de570b8abb615cddecd33f8fd2a1c6c2efcea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bbbb0adf325bd344509da4dd4a84d865

SHA1
5ca0369c9038c640f4e7c6c14a9548e42d919601

SHA256
4e059bc0389d33c7c4ea953279cb52ac810abc0958b177f3508cfe1a8c076999

SHA512
71dac9b4f1d0160882e3d3dd4840e12955bdc58a87d4013d545ddd5a04f4dcbce372544b19c297f3bec6f2097e992ed5df9e955439d6fb29a48fc0ee5bc9a655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0bb48e2981cd9298342f2c44d4a2ccc8

SHA1
bf47f569cf0d6a508b76fe11cc6771bbf56221e6

SHA256
239828cbfd71a22c30b0cb0a0e9e1cf571a2d04ec7e7c93242501de606a452a7

SHA512
73c1561e1b47889b565702211e5743e030a8383fb8a8676e5071c90b64c9336d16577482ad225cbe5ca0501a40a97037ad92d89723186d235c0a3406588ba65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0dbbb78ebdc1cd317b6e31b0fe5896f8

SHA1
d9e5d3bbde2e67bd83f72332816d6f55aeabca86

SHA256
ae67457c125164b159157a843c35ff86ae60606e1f6811534e05b83595d9a5bc

SHA512
0c0001f584e1840f09f069911a5a3b0bc5c0f2ce65868cae5b4dd48f295d544eac204b11f7aacfd2f66d97ed76bba73fd393171288ad5e1855eb08eea7675c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dc7abe4f7cbef0c9c25cc0121b57df89

SHA1
8005e7119d75e71a129432e1b2bc54d66aed112e

SHA256
08aa4a59bc75defecda03b5afe2bd9ae61f049986dece0fa14eb23ac891408a4

SHA512
658474000a0405cc14def18d34b170e2da9c4ce68d92ff8e1b935893bdd613a4877104e7350e291ba1fb4f074c27e44c5dc16c820beb6e9f5852f4747d806049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f24facba4a21b76fe0c10af72fe110c

SHA1
8349e76b78607bdce5076c969751f98c7ae2a8a8

SHA256
e4f58a15514808aa59c4f57549fb9280f92a23fdfc0b3b77f7478068d768975a

SHA512
3cda94269cd3f152057f4521b79b464dc645d031dc761ce838c57433253ab5a266fe8570db57a327be7cd1265bd3fc040c33f1a0053b79b92158adc78439fc69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca5362c86b2918f4f00b110b3d492644

SHA1
f981b38600c22be695f2dc832daf2fe2ea83dd75

SHA256
64436516537de7504dede2d1ed97913981f779409b53624d3696b2d6338f74a1

SHA512
cf0ca6e45549b6b63de74a06787a7b9ac557595828923e1f3b942550d62a29b9d9ae0182c85c0ef0a7fac6a52279b478ebef96951ddc6aa1d14a7da6172932d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\edd5e594-90bf-4312-88bc-f75e4491073a.tmp

Filesize
10KB

MD5
494f3716b3593c670e0ed9f53f877a8b

SHA1
b90084170cc5b4cf1f4a5846ec79e9377ba2fd64

SHA256
55d1f4d29f7f26ff9852ab381f820faefd647460916ebd58ec695bc83b481f74

SHA512
38163cba0c7106a1d760c9a8d5e9cb024a31b09bd908491d056210b708adf84645b55575f651e50ffea18919fb26b0205ac10126c82ac76c4b355126a1fdc317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4538465ff68b5bfbb850f988416e7cbd

SHA1
1c3e7d87286b10712bb62ca600095eb80b2d12ac

SHA256
1f750d0c811856160ccc96224dcd2e701ce8010af28e11f778f8f8fa3e18e22b

SHA512
3ab70b75f2bbffde3e599edf8401c98a1b7527b6bc6184ac8c8e1a84fc2044cad4b159b101e71bf468cbd956d483b7ebbbf68eb9bc17a124a14e10d2bad991e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4131131ad73df2803c30d24c22f8694f

SHA1
552cd6d6034ca674af3b857ec728df42de9fdcc0

SHA256
f73073470374208b896de9760ede32fdc2d51ab226d06d920bdf8fd815a24726

SHA512
aff044016700262ec5b1ffc1fc7d93ca001426864ed144a843f9519d94eaed6125c3c1c1e51cfbc444a2b23a55fbababf76c5a649486abc84131f58d0367fd5c

Download Submit