hxxps://ums[.]koreanair[.]com/Check[.]html?redirectUrl=9JRD01MTMy&U1RZUEU9TUFTUw=TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=E9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=0lORD1D&Q0lEPTAwMg=URL=

Resubmissions

17/03/2023, 00:38

230317-azkgjsde68 1

17/03/2023, 00:37

230317-ayh74ade65 1

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
17/03/2023, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ums.koreanair.com/Check.html?redirectUrl=9JRD01MTMy&U1RZUEU9TUFTUw=TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=E9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=0lORD1D&Q0lEPTAwMg=URL=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133234907618730176"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1136	chrome.exe
1136	chrome.exe
2184	chrome.exe
2184	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe
Token: SeShutdownPrivilege	1136	chrome.exe
Token: SeCreatePagefilePrivilege	1136	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe
1136	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 3228	1136	chrome.exe	85
PID 1136 wrote to memory of 3228	1136	chrome.exe	85
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 216	1136	chrome.exe	86
PID 1136 wrote to memory of 228	1136	chrome.exe	87
PID 1136 wrote to memory of 228	1136	chrome.exe	87
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88
PID 1136 wrote to memory of 3260	1136	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://ums.koreanair.com/Check.html?redirectUrl=9JRD01MTMy&U1RZUEU9TUFTUw=TElTVF9UQUJMRT1FTVNfTUFTU19TRU5EX0xJU1Q=E9TVF9JRD0yMDE5MDkyMzAwMDAy&VEM9MjAxOTEwMjM=0lORD1D&Q0lEPTAwMg=URL=
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81be19758,0x7ff81be19768,0x7ff81be19778
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:2
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3232 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=956 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3740 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 --field-trial-handle=1916,i,4307667224918047744,11342079676505326744,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
de004d91bb752d42bd5a2a3d3cafee40

SHA1
32b219d73829589a9c95e6f8bf5b07df19a9f006

SHA256
5cc11c4887d436220a226db763755223f56b498cfb8d71e9343059bfc89827b1

SHA512
a3b494ada0251ef9fc6f2b8f0dd11931e96d9f683d3bedb48428e8446562ca206cf02b1121bc50b36c343f1d6053edc89d1ed56ac259189d4ead6f1947fe1d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5be0563d660498c6263b3da3207fb118

SHA1
3568b8743e86ff4f03d31400be272bf93fc49375

SHA256
d339915a6bba5637de88200f66900680e3b3c944dac45f0d2725a6f98ace51f1

SHA512
9b5f0d78defd0ce9978ac55bd317741341899db8447ec755f9d8037c780e8590b3d8bc8d7dfa31a693d6622bbcd132a92bae855f37f35b7bce4284968f61bfcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
df2ea9f2f36a4b826af1289cd46b36f3

SHA1
8c4dbbca8f6c956d66450a6440c7ff9a5a383393

SHA256
b6197c6dd5e746bccc294c896d656682e6c0bb4f591aa8594a33c94520538675

SHA512
4fdb9852c3df31a26812fb67cb6e12f944301364d6583a0ddec1f981c4382dd6fd718140f88fa42797e5b283ae4214b0ef9df4b6b99b79757370d5c14b681208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e541d8107508e9cc42232de252d5146f

SHA1
35db2c50fbfad92525f496726b5320e652737f76

SHA256
a39c5c242df1942d110e8445da670601d768f77002828dc6a0de049567952d0b

SHA512
586421247e3ef36a35a51cf97ac53a8bef0d966e3ff11df5238ed3e5a972db2be3e770e45b7f68b341e95a15f3bf3f02553169a0e8ba1e562cb9ada04343bde6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4bb05963cd7ace7720c127b085dee83f

SHA1
f5280115f9b7aadb7a756167d9ce18af0d16875a

SHA256
f317fa61598c14843c04567ba148c25ee7b93a4f9016dd5bee0397efead188f1

SHA512
7ee39755a1cc5a54d1aad31a35e32231ea5770e7aba63616f19d36a07bba4e5c169ab9af88ed02b7807f4a4e09db9104ea774ede698ca5f286dfa77dad818e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d483a89715b5f1083bc53bb9ac8c5735

SHA1
8fecd802c18d2a9956a8fdd877c6c5acb81ad277

SHA256
7f055b7cafbd83f766076daf7ccc3032dc5040960f1f7aa22717dbafea193b4e

SHA512
368e935e8b234bafc728d2a983db9551f1a7f41f12bc620bdb3fd1855caa9a465afae51b333573434d3ac1c3335b61622e146fda253cf7542525c17cef6bd911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
99b899e79b30464c10f1833caa517556

SHA1
e384eabf45fe549b7c5012915179e15db4fdb74c

SHA256
ba346839226204a993eb3a6308d203f5872415b1a093db1175c5780b1f82eef9

SHA512
e9bca2b2937a7b3df8c21572fe5f127e014c6f96f3a0bc0f0daa047ea903461ee8af6fe0159764f2d652a1730b63781866a41b25470565b2e26b6838026de188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
930c465b0e1da5697a3422665c14a504

SHA1
d4283f9cc095d6ca7be07d7934af36e71f6b315c

SHA256
86618f033d42f03adde599d4a90c80286bebc5ba06316ad2229541911f9ba33f

SHA512
84ca7c0e44e41a831635e8e88a5eb00b891b0b22036174e4e20d853784403aeb9a51ecff99574fd29c61f2b8e44a037d3ebc9772d1ddcbc1475f9a9703d8fa61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
bd2c6519b4ba564747c5f477b8963fd5

SHA1
86cb59c91d471335325642c71eadf3d77d1aa8b3

SHA256
111a3e7b58ff2dc4175ba0bfa08ca09bfd440c40fa8f2f96b5221fb28c6b1c2f

SHA512
eb7a6df1e247173497d0cab671c28b3a8d482f9220bbd30e44fe2fc82bd3a31e21efd30ee3be601dd1561f5de118b5f413a4f30e2424faf4095e5b421a72737f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit