hxxps://puutarha[.]net/scripts/lk2[.]asp?ulos=hxxps://valetify[.]tech/meeting?q=redacted_email

Resubmissions

13/04/2023, 01:16

230413-bna96sgd96 1

13/04/2023, 01:12

230413-bkg9bagd82 1

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2023, 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://puutarha.net/scripts/lk2.asp?ulos=https://valetify.tech/meeting?q=redacted_email

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258294409152507"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
3540	chrome.exe
3540	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 620	4548	chrome.exe	84
PID 4548 wrote to memory of 620	4548	chrome.exe	84
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 1820	4548	chrome.exe	85
PID 4548 wrote to memory of 3124	4548	chrome.exe	86
PID 4548 wrote to memory of 3124	4548	chrome.exe	86
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87
PID 4548 wrote to memory of 116	4548	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://puutarha.net/scripts/lk2.asp?ulos=https://valetify.tech/meeting?q=redacted_email
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb91c59758,0x7ffb91c59768,0x7ffb91c59778
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:2
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4524 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4836 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3416 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3236 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3396 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3152 --field-trial-handle=1792,i,11996916680844870628,16981594970836112568,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
0da51f319756cda5112bf13290800aa0

SHA1
2eb4fc1deb67cbb8d05c2a3b6866b7dcfcb39fb0

SHA256
7c738f038fc3267aeaec7b672d6624e8c367394140c37c7799aeceb3670ba0d3

SHA512
329315712d691a517c825d972682bc9707676b32642c7df826d54ed3a7747a718f16ce6eded7504bd7f37b997ed19280babefa008c387821c23eb6102d9be821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9c68a5820c10c53ceb4d829ecd58b979

SHA1
ec1c4d54ec4ea26c6772fabb291cdad2b1bbd2f3

SHA256
852b85af47889425b53f9bbf68eb6fc9c9113206c2685ffff13e848183cd8fe7

SHA512
5223642b0e67c26045faf5d902a945aef77ba723f9186d0d70217aac2201f1e8278dd0c65ac22bc40dc0194c3f9275422c31303187e1000ed6449af84da89819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e29a4e71dad83eec41c0f5ac1cd67a34

SHA1
677a8a1e44e6981c561b80a612fd94aeed3803f6

SHA256
78df592bc497e542c49a86f816e035d6ed8e4a5ca433df4188814233a0598985

SHA512
29619de594a544f6b73a694028fa3a8d4fe6c1422a0a57d2cd0ff040d70ead3f55061146f13a92c2f112a75df79d14f9a72d32b55eff20c07eb963b65279ad6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
703ef74bbd40572245f1cc66ff7d4a0d

SHA1
d1b42fcce11c40ff63a430e3619a3175bcc5f1da

SHA256
fe63cd57d88d972ae8f062b3a13974c4774529cac7b7589c1d8a95b015562c65

SHA512
016e2c48f205458e622722710db3a81a281d311615d50692dbaf62a5dd783d61134a9e87faf791a108e73055e3328399171ff4b124502c382ae9c4619bd5049f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
11dd6fe3f28b72b02be2b0171135be50

SHA1
f5bcd9787ae4bd6e46d0ff47421441b673d5e787

SHA256
eeaa45c113de833625774b55f1e582c733ae71945dcc77a6fd50291f4a37d63a

SHA512
0c08d48af5d7be9445687b191ed7aa3e6fbd7f7bdd587f268cd8d5cc5a5afcde7c4a4e251aed0650956729afe96f5cd54bb9d8f516c4251cb97f88c4ad80105b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a72ab28d97098271fdad72dd864dd6cf

SHA1
2d285315434d8008ee52b5949c7ced3687b72331

SHA256
4ddc01906145fbb7c04290343c110db107ebc2c5046a8f731c123423d479c0a7

SHA512
c564e077af8af9d6f13b6f994b6f467becd9ae15e477ad502f7149df5a43184b3577750e3354243fd8ac25c0e1a577ef5290fa5a2184027436d44a9e83606d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9668214b3a051a5edea1a3cac3216d73

SHA1
eb2921336d27676853311913778a13cb6a3be0bb

SHA256
54acd687316ecbc362e9e1f12b219db35b428698a8e9cfc28adcb7f4faf1b0e2

SHA512
193bc41f2a972600597825ad46dec5b426cb7b81ec9aac4f4e734cddc0548f1b637d16fe27adaf1c706202dff4c7faeb02a481f12910552c9aa9a075851b7a8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
e058b80230fca23bbcb6b74ea58e4e77

SHA1
65ffb5370aa195ff3393a982c986aeb598f46d66

SHA256
074402028bc675a58a99c4d32224f0ad580cf10675286a73c1fdc3ed92d912c1

SHA512
945b6cf165b29f8a0fd295ddcd06c3fb8c87dff06fbdc718cd70e9f6a64a9a1d0b1a7c0f73885fd0b5a868e5fff907dc24334433db21e160bac54a0365732b18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit