hxxps://gpitranslates[.]com

Analysis

max time kernel
1799s
max time network
1688s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
27-03-2023 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gpitranslates.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244048420477122"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
1272	chrome.exe
1272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe
Token: SeShutdownPrivilege	4604	chrome.exe
Token: SeCreatePagefilePrivilege	4604	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 4744	4604	chrome.exe	66
PID 4604 wrote to memory of 4744	4604	chrome.exe	66
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4544	4604	chrome.exe	69
PID 4604 wrote to memory of 4488	4604	chrome.exe	68
PID 4604 wrote to memory of 4488	4604	chrome.exe	68
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70
PID 4604 wrote to memory of 2248	4604	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://gpitranslates.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffbbcf9758,0x7fffbbcf9768,0x7fffbbcf9778
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5100 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4520 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3744 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=928 --field-trial-handle=1764,i,7128333210498099515,5211619976721868013,131072 /prefetch:1
  2⤵
  PID:212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4480

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
38f213554709ac1ea3d706a30a8d4be9

SHA1
0916e11e4ed6fd987ff418e3d803a4d72d2ff1f9

SHA256
08cb14966902e637b0affd8fdcf3fc3b58914e4bd3e5608977200c89ea3ffaeb

SHA512
765686969cd24d30a75ebdf4d97073b951db3a0cb5419d64ecc28d5fbca8e5d0e93dea0e82d64236c3207dccb9897244427fccd4179743ac1f6430eed35fa768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8b5a252491916c412f5ec6f27dde9ced

SHA1
ef106122b89cbe9526d88213a2251bc89703e342

SHA256
c458150bdee01d658a839cc0fdd22e46e63fa6d88504e2082d63d8e2430951d4

SHA512
47dc404213dc59a42e0320f50b4cb45c2c9859dee6ce379fa667ac524386a153b3af99c0ad134a6bee205f6d8d45110749add59d3f05cea2731864f3238ae171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
0af78ec3a1b41fcb2fc2c3409d997d45

SHA1
642d06002b8fd46744563a3c1c375e55257328d3

SHA256
8cfe0c65eade7a05955e7f3cceff46a9b2fd97e0dd58b78a94fa04d902c3ecd0

SHA512
76e3f0d85f6684d88f36c5b3ccbebd9482775df8513634fac5b4e2d53b20380d18b8c45efab0dda7339d3ef3565f3f891d807cc9882dd761dbc06a99743ad2bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
255e6073be9a73b40feae8e132dee3dc

SHA1
77d8d6195ff4a7a3efe3580ec59d37c8fdb72f7e

SHA256
260195eff1f011a494c21fca85addfcdf4d46b89cb75bdada1f37a5152d79fda

SHA512
a1e81f8688993ded369fe459319d965ed8acfe95c0a126dba333b665b8c982c0910231d1195aa48f3fb36acc27bd9ffa89ce6561a4ecf713f3d8b7dbf37132d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e373780c4d583d972e8163d34f7d7e44

SHA1
72ca4c4defdba553f60a4fac432e8ca175296970

SHA256
02dceeb60f6cc4de36f71aa96f1aac3c45cee66bc8f850e3801ca9efc4cb45c7

SHA512
ef34f2e63146e807f7e9f0eb5465b0018912e2f8c4eeec8756b35d22f388313a9a85c419a4480c2753c8e64d947396a0feb92c5e35ddb8a0aa53f6a2ebd2c500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
103df225de6dc28ed4304d722a90782d

SHA1
40d1025ecc712361892e617cc066b1b3e989808d

SHA256
aa15cc78335fcc5ca59c07e760020ef930292f8cac2fda6c9274cf77ff0120c7

SHA512
93200623805171c9aa17611f3fb4b2612757556fdd291c1472733eaf96c9609134560d17d68043f63161b5fa1ee9ce763e32bd99c2fb0a87a77926f2c40d3ca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d227a5862154c6739f2758d8d6561f5

SHA1
f73d7cf6f7480805ec78a2c440b25454849891d4

SHA256
332a98f083fc158bc4e9cea2eed97a53f727cda4bdfda00fce58f5f1a35651ac

SHA512
402af2663e69cbb68105997a9bbac4b8b21975344a559f3581d5d2054f1a0e1d639d3eb5cd13c78a4729e3b6252d6676104bc182c98935c042f00bcc63322396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
be541059ff7c8c7a83b85d3efcc709df

SHA1
b7629d91d3302b5b3333d14034429087ea2c282d

SHA256
bd2aca3f6e25b34d49d019254669adc72f3e53d38dc9c458f66b2980ddb71154

SHA512
49da57c49fdffb471bd742490b40c5e9aff71be2652f796653afe9ddd52798917265c739c41c1ce3af4928f0f65d3450e2591148a1534361085906cc3732d840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
992d90c1e0f11cc91009a7ad57b2713c

SHA1
2ffabeb07af794ab55485efc18de69e2430f0c85

SHA256
737f19a0e315b45b3eca22d463b9d4b83ad5b5c80bbf049d4e132d8e87751871

SHA512
5a6981503f1a31f696ed124dec35f874c5b7b1c47d1933850e12a03ffb7c4f3454e90dd6e74f0be54efba674566cb302ba315d45fe795983b9d5070240c0abc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
ed594c2cddd8ccf2de49206540a80de8

SHA1
6bc2bbb96ead00a52e46ba3cb4afa41a8b2be11f

SHA256
898f9d3e4878eab9f285beb8f49bc09bd2fdaa8310c8d09920743dada893e521

SHA512
cf5219fc42cbc4de040f4e5b534cab5bfec43fbfad4f262cdaa548df439ccb7eda7a0ef29051c3c89f18cf0d12ec5951e66e9cc1080d9f00d8763162b9ebd48e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
a6ea84ea779cc5a215cdc3cd0152a416

SHA1
68ea36a77696167b5f4bfdb66e23e1470ffb0253

SHA256
03dda644aa3f7c424056f3a3cde9358702ee0e9c31f10cd05dd446b0f7850754

SHA512
83cdb27740e90744f06c70ace2ae54ea288f02915e406daf5842bf9c5e337edb3d89e05c4c3b135c130bced7f7a96c57acb4d4649a6a2b566aada3db7467dd7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit