hxxps://lavenderoriana30[.]pages[.]dev/?dit=bgfodqgaw&psa=curometo@yahoo[.]com

Analysis

max time kernel
109s
max time network
110s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2025, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lavenderoriana30.pages.dev/?dit=bgfodqgaw&[email protected]

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875341211280586"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe
Token: SeShutdownPrivilege	2072	chrome.exe
Token: SeCreatePagefilePrivilege	2072	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe
2072	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2960	2072	chrome.exe	78
PID 2072 wrote to memory of 2960	2072	chrome.exe	78
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 5648	2072	chrome.exe	80
PID 2072 wrote to memory of 5648	2072	chrome.exe	80
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 828	2072	chrome.exe	79
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81
PID 2072 wrote to memory of 3420	2072	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://lavenderoriana30.pages.dev/?dit=bgfodqgaw&[email protected]
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb15adcf8,0x7ffdb15add04,0x7ffdb15add10
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1936,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1432,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2132 /prefetch:11
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2524 /prefetch:13
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4220,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4244 /prefetch:9
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5148,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5160 /prefetch:14
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5516,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3488,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5696,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4876 /prefetch:14
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3044,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5636 /prefetch:14
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5692,i,938486438074905565,8318113582906559353,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5608 /prefetch:14
  2⤵
  PID:2044

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2f835ee6-d2de-4932-a433-54630724aed4.tmp

Filesize
10KB

MD5
fb321befe635ebbc603246cb162fa54d

SHA1
8493d6a856b354bc5f00325be02401da7ad1c302

SHA256
bb4760084a70a2e88d76c5321eb9e7bcfbece7ca0a0cf1bb1e89253a587ce497

SHA512
d46c2a58d4776000c297358b88a7f9726e19e2e800c1a981f1e8894bdeb8fa47410abe93ffea7b26ada986b7cbbd8493a364de961404eca0dac5cc4bfdf76349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ed1d3f57da100415af8ee872103b7bef

SHA1
76534316909ed933ae851cc91858cf115050a6c0

SHA256
696749cdc03adc8d04ea8c057942cbb59bd024fb34642e660f5da78e701b776e

SHA512
719aebf26c50c5c54a90ec04407a73cff23ac8f87c95591f9fc4d82c66044e0c6eb93cfab67e5c4fd15ac7f4b48e88ed98d703fc0511c63f43cce05c31c12a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
100KB

MD5
f134fda98a277b1c8f20ab8fbe2fbd58

SHA1
a922796190a1f5bbb3c410c6ec591502050df04e

SHA256
27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7

SHA512
2b2e8338afb9b0ca9b5fa3d452dfd80368b5d17566120ae6351b6d03572e5a69cedb97f165fbc31ffb3addcc00506a3fc0761cf2404a5d9826a8448a7c4d9f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
685f85b658b2a4dba9572c6040a81a80

SHA1
19d16cf510b4ac062096fdf543d0523e49a66044

SHA256
01d46446a5908a0a3c2731421329ee65e234e333c088147d6b8908daa91101df

SHA512
d4f748069fbf65768e7a8f327250574d0c2ebe9ed27715906522af4688d896d27eb304b6566f02489130da29876f3e1b7663fb0116efe3ccf997dac4a5c682a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7b0467400aa9fe4e1f24f7ba1e06ca79

SHA1
4e7e0c9bfadac114c4324a0d8a7bbdae8e454cc0

SHA256
0a71f3b3ef623e47fbedfbb2e4e0e445f3b57af333a9d5bb43079d829beccd8a

SHA512
5cf2b5aee6e46da9d54846207bab6c396f8eb325930d1df2f9fdcad0ccbc6b9ba9e5642143156eaec94575686db8b23467692d46024fad9aae0e2410fcbfdeb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f01368027c3768f6d6792c0a6bfaec89

SHA1
4b57fd2b76d656337e791be773ddeecce9fef4eb

SHA256
c55110a3087e5aff2694d2a17384cdc13d54bd19a6e9994f207f60cafbfd6fd3

SHA512
702b181878bd31d4deebc4ed0ae3dbb77d98e71e5adb30b434c08db77e0e1d9070aefb05b4fe0d61ae7601785b6a05127d070c8e53c5513676a253bc91e519d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
30f9e95bdb0ba758ef8d215b4dfd262c

SHA1
749505db1fb6a6cbfd45671b62225e8a1d9766c9

SHA256
d0e919ab53d994e94db149088e1fcb11dd1111a49dc319219b3ed93c290e6002

SHA512
cdf70e024edeb96611e543306561f32bfb26ef63aeccc0babe4f466c5ec537829aab8a58b207d331bedcbc6d8a4ba7830941b9ae4cf715ffbb1888694f14553b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c4ee74392bcb9c2651fb89da5d6ea38

SHA1
3b0c059f0763113bc1f02ff5dcbc7ab421b9bb30

SHA256
271186f51c93e49b8e397d63570f77ed64355ad873c825457f56c4be696da869

SHA512
0c69717b1882b08f112a904faf5b582497a6ba83dceeb00e15c8522c1557dc55e25ee27713984c27e49a24c9d84606c6cb4edd41168ee16587e07a3402257080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e3a6f8950e5a436eac56799ac9f008f8

SHA1
91acb7aa8b5cac1fdfa6b3aabdb930aa054c283e

SHA256
672432a1a4cc735ab20bbd5bed2e65f0a0cd3b90e1a03b5d38c59880f3aefe1c

SHA512
6d41241311adfac37fd5d58fe474044231628c04219715340c5ca6e154d6732fade8b4754359eef22073bb7120ebbf70f0faf287674cac73da570e413bddf15f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c246.TMP

Filesize
48B

MD5
4f365f70cf5b75a59d8ced29505f4a33

SHA1
3d872befb863d51d018f4a65d45e7c8c839fe5ef

SHA256
bc78fd3015cf9d700a6e9b400a98f0cefb53e8d7739645bc544e925660262c91

SHA512
aeaa7702af516b30fd7c47420470c283256152289d831a5fb5c211e479d53419f477bd1cdc1133f48717a8b2e7ce2ee155317966e9fdea27061849acf736b7ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
dcb0a78610f2e34ef56fc66b34e85de7

SHA1
584374fe96eb722dae60bfed1f527bc2a38df806

SHA256
c40f0fd2a407df4a0c38918195dc70360a27888ca1845448514082a3bf349a20

SHA512
ae75f534977d58132c7ebe897ef82eae85203c12f04bdfd958ca1840e94b678a8334f7be0c539d7c5099d2604997773f82fcfbb011a7e0443b9a6069ad50dfff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
3dffc77137c1d3b8af4fb074cec20901

SHA1
eee38792c4f4e499e991636a0c3cafb828ff9bfc

SHA256
09d52359bda99370ddc5d3a3b702690d415b15eba5d4ceab3c3ba731324bcf1e

SHA512
3edcaa0a0feef6e7182587d8c9779e0ddca3c2a7e93abe8450075c9aaa7c1b5357df5049aefd61adbe14a71bf57e27669a8dbadbdae8812163baf337b39787cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
aef4f6770763e8c187c6096a546b5a8f

SHA1
84ebfdb692c1640d6e3b56167659b351d7fb43ef

SHA256
e8ec50c27031d9369851462a457bbbffae5df365f6be4b9fb53fa2a03274cb39

SHA512
fd0d778cfe9292c40710f9eaad5076f31e6211deb261717e62a702a4dff18a0dda81d95e47230008d74c8ccfc5dfa23c1a1b70c35ba476174f6f70eb1000cce1

Download Submit