hxxp://starrez[.]screenconnect[.]com

Analysis

max time kernel
150s
max time network
148s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
29/03/2023, 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://starrez.screenconnect.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133246022518556105"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
3484	chrome.exe
3484	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 3672	4160	chrome.exe	66
PID 4160 wrote to memory of 3672	4160	chrome.exe	66
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4212	4160	chrome.exe	68
PID 4160 wrote to memory of 4232	4160	chrome.exe	69
PID 4160 wrote to memory of 4232	4160	chrome.exe	69
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70
PID 4160 wrote to memory of 2052	4160	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://starrez.screenconnect.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffee4459758,0x7ffee4459768,0x7ffee4459778
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1564 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:2
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2020 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2736 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2752 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4540 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 --field-trial-handle=1676,i,9197649835024318598,1079808020543453135,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4496

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\245e6009-f8b3-4b7d-8132-bb712a0e0efc.tmp

Filesize
6KB

MD5
6904ae15cd866f1a17136916ba3ce001

SHA1
b0f915cbbe9c0fe6a0e9e74bf9d0262dcc215f32

SHA256
63cad8b1ca3c064cd60310a608d54d221daeaaeeb9e9671452b3ca0ff2caaa1d

SHA512
49d839a50515b8289ac075c0eceb93c9ac1f83912188ff7f2a220cc521158341fc7f95cbf7d84068dcf1aa804315c3c6b56a759530a23e64871aca971ea0d590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
cd1a5facbc424ac33930d9592ca62ff8

SHA1
a3f930db496779b74a6afdd302f77706ddf84278

SHA256
0a72a225d66ffdb5c2cc814e3d88a74189451c40142b1c696b83f7dc186dc94c

SHA512
f6c25857a36b436384080bdc9ad6b70d5f6bf93bf58b69c43e79dacf852211459afc9788bbf1fd35dfaf9bd88fbd03ac49f52cc8c3184c87b32a31e031f1f2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
55b3d891695840aef8650784db018162

SHA1
b5c13a5a5eb7e4467bd396ba8176567268c70360

SHA256
294e9c37c03f00bc6abcb22f9a75f54066118929c86a6aa53d7d4c4c20bd1b74

SHA512
6e4e924315aa1d123e02b1b7566679cda521cd0e5e9c2970955c873673068b54cbb9cb297baf590784aa27c113ca69ddad70128b378c9472027bbf7c5b9881ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d4dc3a8b8c8b821221d084dad5d280d9

SHA1
0ad97b894bd5753941165bd434b77f2ce56120dc

SHA256
c073b3072afdfa548a2b4ec1dd98e94849870f0c50be58b8b525a78296a8def5

SHA512
d5340f27ffa27cbf3200dbb58b36102fb1cb26076e9e9d8d50bcc6d887981e17c2fa6f8ac6f203e938a4b0ad4736c37587cd5bf33a1aad95456c4713f24fd083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e505f53fac065270e83fecd2e81f012f

SHA1
3bb28f16e368b2e02848a0e7625c8dacc4f3cc38

SHA256
56a1f9b264a08dc42d2dfb9288c1a9d431b0d7f4d6f2a99ede2d55604ce0e19d

SHA512
e04dc29cdf83ef9662cc4eaa5a2f3150615bc257c92c46098b88f1c0bf781c5e975ea2e3cf4bbaf5fc40aa5690f92b2098c6d13081660fb7755c1789c5790fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0a5ce3005d88f7eaed5c34f73d008e39

SHA1
a7bd537b484d7e772639dfd0c778f2383396aeba

SHA256
3e843b2011074526e91b1d0be70ec37402f86b04b43704f8e0d8e3c1afd1d45b

SHA512
3bca1d6e4b6f77e434d4d74e980a112c42be5b6bab9780f2c4b5b655a44818bb936b5efae3be984e093c90b79800f16112e3da860bb5e7ec378eb15d69b728ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d6af91d95db64fd16c44d7869761f37

SHA1
dcb38e23629d56bfc0f706610b92d113ec16f4b1

SHA256
58e9f600553d9cb7b314a3dbefe43068a35e6b94b680fd7e2d08c8f96b5cd5cc

SHA512
0f984b3f2ae5824c8dfed9040562576f90622697096f281293d9587380844595d704f45203eda5f6138d740bb4034a4d46069bbb9a9a51a358cab38db199b5ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
62f69a44654c1ad8bc84ee8b355624e1

SHA1
355b1fdd64982e67ab8fa122c89ef8c3974da018

SHA256
87bb12d28647fd8afff380b17dd8f9136fb492e963d49cbd34951d51108e04e1

SHA512
660eef1b2caac26cb24c06f0baa1f56476e898a104ea813c5d1e1e0d42a2321d6f4a70d754b2a9cb146585c69780ff1fbfdcd1e0af75dba2dc172ebc9ddf3dc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
aedfca501314481e0d5a5325b77037a6

SHA1
9143f203a122cb1991b3c568df18fd0b86e12b59

SHA256
2679da6b33cdff172ec398ae34c6fad087ab2d7371ae15f315ee370a345f4103

SHA512
f48a945ac963d1c3a19a27553d54ba0f301c80ff09854c6a40a415893eff82e1b5ceec57f5714c0e501102f7e26ead8783181a9210b22edd3dae6f68ca32c7fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
95a18ca1de3033bd41ac0a589c80d66b

SHA1
a29f832397d2b22e0fa977325694fc5d29c669e2

SHA256
b6fb48700c98392a626039a82f2cb2746ea598f0b9400cab8789ceb965a803ef

SHA512
8381a585fa035369d5ee0d2ec554dc802270aceed5f9afd6f72274188659a5f21e1ae43b5ba68b58c6399141ee42ce08e8ca79366a8d7b7901ec41111090f03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
a6a6e48b5e11481eaab92074dfedcea9

SHA1
1cffa1d19c795dfe3d4d70798a2569ac06191aff

SHA256
da5ae31968026a9c921a811989d9cf84626a8fdf05dd1ba91e5dd039a080c625

SHA512
9f4e0d38276eca91a6e3b9952b2f7fb4b18d4222dfc345ad76d7eba92fb24dc90037d4fb4a3e1ff23da78305f6c8aa5fa29e8c91cead1e82fee258d91c4d92ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit