hxxps://protect-us[.]mimecast[.]com/s/qjqFC310xJcXQV2QgcgGbhF?domain=api[.]criptext[.]com

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://protect-us.mimecast.com/s/qjqFC310xJcXQV2QgcgGbhF?domain=api.criptext.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240393470200329"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe
1776	chrome.exe
1776	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2588	2540	chrome.exe	84
PID 2540 wrote to memory of 2588	2540	chrome.exe	84
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 3532	2540	chrome.exe	85
PID 2540 wrote to memory of 1544	2540	chrome.exe	86
PID 2540 wrote to memory of 1544	2540	chrome.exe	86
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87
PID 2540 wrote to memory of 208	2540	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://protect-us.mimecast.com/s/qjqFC310xJcXQV2QgcgGbhF?domain=api.criptext.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4c089758,0x7ffa4c089768,0x7ffa4c089778
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:8
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=952 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5028 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2732 --field-trial-handle=1760,i,16630853614482686000,13052397557091527611,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7cc4402f-290e-430d-8f83-5abeb52b3f93.tmp

Filesize
6KB

MD5
2c8d3ae27746296921d4d9e800809541

SHA1
7213ebb03c48094fdaca4d32a7a30997dad9ef22

SHA256
b27ab106cc6c2c41b9c9197a5f4963c7fe1fbccd241a19ef7f1b9fbc2b1e8b6d

SHA512
52b87583247a301061d7c0c106239d994214fdc1d6cd3ae12c74beab7c1286d35328a189bea3fc739137c62ec3c0e9ea9ddf27a49345968955015bdca5079434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8dea452153a679375fe3b4b656487328

SHA1
0feef51c85f13750ec2513d5ed7a941dbd863bb3

SHA256
daa07c94abd828c435dcddba6213ce1948f5e42264dd64e07cbdfaeb172fec66

SHA512
1cc8a1f2d8d582994f5b477643dacd33de0b606f2ad3d7b4d4cc600f92741d1510d6baa828bd4ccf8112133fb13de720c29fc7005cecf9ebe13d994919c7e232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
956B

MD5
111a94c8753d76f8f32225a7f70fba47

SHA1
c0a7dde5005a609235750e78e49ec9f692e35c1e

SHA256
b4dc883c28631edca4304546540ee9ea064fb27afc09b7c12673b7c43e932b54

SHA512
390ab5eef7b8b1dd7850c9e323209cddfeafb5e460e67d3905a5f5f68aeb061b31d6b358d79119778a579c33b3815f9a2d05b4760fd8cee735143daa0c02b7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
882B

MD5
f6ce168ae502a7ab696ba396b4141da2

SHA1
a77561aecd37fa2555eb16b12afc11001224b6ae

SHA256
ecd96022e9c9166a9c30b0a0bb4b31c21a21100e09c1bc0d59893a5b0b8cbc2f

SHA512
003026108042ca234b85f7b0f9b311f9159547276f8578450273a5615635c3a016d414a6e7dc901d2bd6a494d3515af81f391e866df9a924075e31625c1de45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
645303d203c889d4cf22425641aad931

SHA1
e360cbc74ed723b4f93978bea998a6446d2e3e1d

SHA256
ab206af7fb1c2f46c4f146e671a77345a2ecbaf4a98842442eea39ab4b906abb

SHA512
44f513c1b2462d5f065fd927c582d96682a580dcb95d39e4a165d089ccee6c8c76dc2aea2eb4573ef79d059b3bbdfedcec46bcc16df90cdd15a3c0cead1483ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
701B

MD5
428c9754fc1c8a9668058bb9b0646921

SHA1
f519afac22617f3a248cd400eca28109aabaa6dc

SHA256
2dfda30aaadd801bab3698dcd3eb5ed91bc997f4b50e32fe4987b0c3c1fd6598

SHA512
c14adb73dd9f9c8d6cdcde3fb53502f22e89b1cc25ba69b1e1ac15f7276bf47a4c241a3982a26e137e1e320db3422ee7596ca3a6a01fcdd9b34f130a53fa85a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a286cea3a45283fd2ffe09a764a5a99

SHA1
3e460187be90c11184755467b3b66660b4c71edf

SHA256
b98cec931d8868b4311a628b34f368e7a0f0dbe13efe409ae7cf39f286347cdc

SHA512
3849d6c99db119c57b1ae738b70e874fb6d7f9a63d16970759b154ac2703d23781e50687ffbacfbed40c50919c0866b5e66963ce1c802091ac3f8109d7f3a53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9236e3d6974dd039f49eeb2003f5f815

SHA1
6359f7e7ae24789ae7760c0695aeaa2582cf755b

SHA256
85272e4b0be92ce2b5a0ced0799d99ae29a5ea535834c456edb80bc421510696

SHA512
ade95456bba64d02a669a55d88968420448ecbdb406af3d6728c4facf53a7d6a184f4c22af543c07f315cd414673568816b8a2f3aff9439dcce0e8faea170ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
2e1519c62f88d9fb689bb477b8dd95a4

SHA1
02d6c13956a61b8aea401b37862524af15aa6872

SHA256
16c4b0f31c8ec97f16727e7d407bc6db961c6110b2a4bd94a447428991f0d6c6

SHA512
4396b480d438b8c407752fd0de0e446c7fb42c99eff5af4039f7331e4886dcb1ec6f2f2e8d5060c5ea2aff92a7cc821893a874ef8bf59e46986ac646629ab3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
81119259bde006bf280ca302075800ed

SHA1
3be0d0319fb1928a1a1b16d98cb026a544a7f2dc

SHA256
847e5c0a060d73155f9db21a29325c22dc30fbf618f6b566d2277fd72c297ade

SHA512
0e6fa346f98c577e27b9d683015fed0ff675fc889692f83ae3c780aa7161b69e11be8f61bebe92fabfddde6730c3e5d8e2d87f714171ed43e4b8bac2e92d2ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b4d9.TMP

Filesize
97KB

MD5
a37f76c8c9951ae29a68cc8fe9f9fdd6

SHA1
45f8fcc226776ffbc124112fcc9052f3c626e5f2

SHA256
fe828e9cda774dac0486ded6318b6817f1df0c515488657640754de0b779c0bf

SHA512
60f030c9c7f2377c70c0526ef4bd20b608185304f4cb628842202e61706ec5938fd2da737caaa7a4582ff729293dc53ef64213cf31def2390e144fb9375990c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit