hxxps://biometricdevices[.]idemia[.]com/s/?id=0696700000UHTY6AAP&date=MjAyMy0wNC0wMw==

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2023 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://biometricdevices.idemia.com/s/?id=0696700000UHTY6AAP&date=MjAyMy0wNC0wMw==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262026015568770"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 4736	2760	chrome.exe	84
PID 2760 wrote to memory of 4736	2760	chrome.exe	84
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 3848	2760	chrome.exe	86
PID 2760 wrote to memory of 5088	2760	chrome.exe	87
PID 2760 wrote to memory of 5088	2760	chrome.exe	87
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88
PID 2760 wrote to memory of 680	2760	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://biometricdevices.idemia.com/s/?id=0696700000UHTY6AAP&date=MjAyMy0wNC0wMw==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb01689758,0x7ffb01689768,0x7ffb01689778
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1864,i,7444711658199500449,8623568725004223993,131072 /prefetch:2
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1864,i,7444711658199500449,8623568725004223993,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1864,i,7444711658199500449,8623568725004223993,131072 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1864,i,7444711658199500449,8623568725004223993,131072 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1864,i,7444711658199500449,8623568725004223993,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1864,i,7444711658199500449,8623568725004223993,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1864,i,7444711658199500449,8623568725004223993,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=744 --field-trial-handle=1864,i,7444711658199500449,8623568725004223993,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4980 --field-trial-handle=1864,i,7444711658199500449,8623568725004223993,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4148

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
de85dbdb66e9bc7096444c7165d90b23

SHA1
ecc241ef875de279dd62d3d60a01fa7c759ba5d2

SHA256
60f4c221fe2d4be194b7d74e10f982f63b0f44ca9ef4fffc3cd689252a9829b3

SHA512
40d178231764430b607487f7e1a1f810aed4eb5b3c939c1af88ece8815b5a939f48fde803eabc2748aa30708a0a15e4b8910f1d16a7741819b91c2b9268cc793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5f49da6f0a3f047a22ecf4732989ce8b

SHA1
8e1b5dcadf49027c3b66c029b7946f7f3ec5cb23

SHA256
4fe5a6aeb734ae165f2c157d552c697cf8aba0a389438deb9685bf09b6095840

SHA512
276b5145fec20294e71909f9533c7877b620e6fd025d069bc9b724534f94d57aae5cbf3ced006c99e8367823137310b3f74388a8eab6797c4d55a1bb2f304309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e52ab4f5f3022217ba639306dccb57c9

SHA1
4fa9ffea3028e5cafb8c875f49acaba1e96007dd

SHA256
09cd53875031a583745b3ec83e82f9b0fe25286fc816774800bd6398760a13a8

SHA512
52d49cb21741d26b4213bd377c6b4a256b0cec45dccc58d3c4b999f6d00e8afbca78a8dc41b874bfd6def8543c28f81afce5aa0b3beca3c40749c162cf11ffe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
f7a3ed23f9a4c7becc9d1a29471c1790

SHA1
e616ef729ac3baef25f5eb77ecf3445038c95c5b

SHA256
e29ed13048ebd8cca0dcc669e01f2dad57a5a4ae11f76fa9bc1db538e6ec0954

SHA512
5044040969d8550eae2c305215e2608170c94e7246ad2e00b7b9cdb5dc30e32b82c611d7290be2814553c36df2c70f7b1f294484527deafbeaf991465d506b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
99ee3f1f75d7eabafffb1f913b030385

SHA1
9476117c89faa5870242e34b84f7deaeb5e2ed6f

SHA256
950bd8bfce5e795322324da89316ac7531ddab14ce0d7279246d78d16d9bbdb6

SHA512
120299267987bb49d06d74db74631eee8d4ed1b0c6deb6dd4c778302071ec2c6bbcc1c412af7a9390e7f13fcd787b9fdfb0867e7388084aeb2ae28948ed991f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
93fa27f406ff8efe0314d35c0517c0a9

SHA1
525062744f3ed6ae577c256a5cc3fc9e06de7149

SHA256
54339f358f93565bbd25682c70e6b86d956be95fbdf4607cd39b38aca6ba5409

SHA512
9dcc584a9a9537be5b361e354d0fcda28aeb3fca317c720e45b8aa52cf68de8bc3448d95bfacd61af572815c2bdc05904f9d8c183c3aafe5f869c41944d5204b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
754dbe4feeb30b2a8aeccd2c292cc472

SHA1
2dba28b83a70948bc0cf77401c20b770fbd36dce

SHA256
4c7efdf5945f0aa14a995c0d5f254b6fe9a94c4d765d6767435ef10ec9a4424e

SHA512
8185a47740fa404bdb88809f18b3c236ab0d932db9c2fd3ee435000186af6b93f2460e5827cbee06b7526608d8fbc5ff4cbbc72b8e79ee5e74200cc95179fab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
86b510d98a0634c28e1ed4dfc803a53e

SHA1
ef4c869826226ff4423002f23d0cfda0ca5aa988

SHA256
c3d4e4759049c7b6360ab6dce1a6a4a441194617079ef014bbea052ade5b1fbf

SHA512
1126fec610ccf75637e1f4c56113659a51f63fa21a1219828193fa1852c10f0d8f10cd0b2255925321d04f69376b3e3a2b6b261cd4abb3cbe16527999df7c9ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
815ccb2c47d3d5ea9038244f21e7d5c2

SHA1
bf9145009a94575e011614577f4796fe84cb3df5

SHA256
7d025a036d4e653f9269ad921900740039ba40c8c321f7015d55414ff30b172c

SHA512
024d69969a3034bad62c69527204e2d13e79d428cf6f62f47c26f0c21296172c8a9b1c644421bcbd0a1ab3aa06b45a6b1973cc24ba6ee2dd717c6bc4bdd7e6e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
5d2d2efe4719aba2095ec850f5ad4ff8

SHA1
be5db92ab760f00b21bdee8dc59ec883bb7b33f8

SHA256
d0cf64ebc03f988ae969e3436a50862a7d5ae2a5aa41fc726986eb6ba1f5c362

SHA512
3c22d7493691cadfbd2e8a5a9d290d8fdf7edb757912c066156042be89eea1ac372df1729256616a7499d52fbfe03204ae0471e5eb0d60bb46ac7ec6af6ad9aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
c2225ad173493a8c283a94122ebd0782

SHA1
c6e62dea2d3f6307a6a78c3456da89597cf3d48f

SHA256
2e3d1cf48ef2888084ee96434131884cc220850fe1f797595f4a106d5ebaa4eb

SHA512
c637370bd21bb40d66beec7a127c70535a76387367301cbc96eeb2fa4aff1b22b62b7f5457deb7797da39c79dabf3b6a3e1cf609e63ade2af66c988133d0e41f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580ab9.TMP

Filesize
100KB

MD5
a4fd3e4e16537d87929e51db947f0a97

SHA1
6a624b00d0a2d9478ecd31a6561c997dc49610fe

SHA256
c04a8b6047e9c940072d7e5cb70200338cf78571b6e6bfaff2fdbeb6e1e5dd7f

SHA512
98bbc2b17007b4bbfb53fe04d44915073c68b0b8a4595754b3791cf92e2fc27dd56f520029ecaae5653bc290512ee1805f01c941895543632bd5705c2c530583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c9b83a37-a6eb-42ab-9cb4-5e36cdafa76a.tmp

Filesize
199KB

MD5
c2fd60f62a6b7f357fcd24d41873b5be

SHA1
91c2928fe1840cd1f14f18e64b790c211f12db6b

SHA256
d060663dab04f34c0d614710e0fa6b2485d539f1e6533d9116e762d49692a698

SHA512
42eaf11ee61bc9e3bc442638790813c746cee41a31bd510d9f7824855f4210014b24a4e86593c11c69a4a6e9b8b404101f55c77d82cf625e3405c73e7c3e8957

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit