hxxp://www[.]jewishexponent[.]com/2020/07/16/penn-grads-star-in-netflix-hospital-docuseries-lenox-hill/

Analysis

max time kernel
121s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2023, 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.jewishexponent.com/2020/07/16/penn-grads-star-in-netflix-hospital-docuseries-lenox-hill/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133264040791433871"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe
Token: SeShutdownPrivilege	1368	chrome.exe
Token: SeCreatePagefilePrivilege	1368	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe
1368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1820	1368	chrome.exe	85
PID 1368 wrote to memory of 1820	1368	chrome.exe	85
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 1904	1368	chrome.exe	86
PID 1368 wrote to memory of 2104	1368	chrome.exe	87
PID 1368 wrote to memory of 2104	1368	chrome.exe	87
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88
PID 1368 wrote to memory of 3744	1368	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.jewishexponent.com/2020/07/16/penn-grads-star-in-netflix-hospital-docuseries-lenox-hill/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd3bc9758,0x7ffbd3bc9768,0x7ffbd3bc9778
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:2
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1264 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3928 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5084 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5256 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 --field-trial-handle=1748,i,7287452639235243651,8741447780729103850,131072 /prefetch:8
  2⤵
  PID:3832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\75b251a4-0c1e-4d0b-b86a-fd0a19b434be.tmp

Filesize
6KB

MD5
72daaca736cf2dd765c94ccea8eb0959

SHA1
e9c5a016cc141f146119f5c92b54eede18dd0aa0

SHA256
bea02e94e1286fbb6467b54f5db2e16421a9d9938a4f1991dd98a4be65ab881d

SHA512
6d26f900b3bda5a54d2c4ed4466cfdf8e7f45b75a7025f2161037a5eecd74e49c6edd2af81f389972c282b278e8a973ef88bf37379b591939ea5c2eaf9d30e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
162KB

MD5
fdfdaf63d56b4a9cd6641d79f7159fdc

SHA1
18b413d8b6b9f3bec32026b7e9d9f4e5e366922f

SHA256
f4dba3e15f08cf0686e6d89370ed42e8a5dafc38973501f0aa6baa9b93c720f3

SHA512
06fd67f1a2d5f168c75b5b833d3222d6c0eccfadd4021173a7ec7f949971554d1c7df322b1dc512ef14941e76a9ff6445ba3bd16d940be5bc177be989ec39c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
0fa9f9e03d387b999c1d203f8b025c66

SHA1
d6fed9c989efe3084789e7d335d9081f3e676f66

SHA256
ad6e8bc2e1b60e93a349628d6f169865de6c17b87d32d0ff483555d3639ad46c

SHA512
31f499b98257241f563190a479a4038de77d9d1459b175c86646b8f1d9c8976f95b916c39282d94e87324535ff9456e4b14fd45f38deb5843c86247e4a8e5f3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
56783a4249c72fd3be937b4f24a01bfd

SHA1
484e0b093f63b069da28e2b6da7180044681e215

SHA256
76ba6d16fbc0551d4a96b2e92778a5715913c67020bc7d920e21aef95a670d21

SHA512
4da5e37913083fa1b62ef46b2a8a5c36252be753d205a0ce000f5327cf22a13c98639005f4d3bd541346e8a716f0f2c2fb5dc00f49b931edee68fc2e424cd3b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
419fb08ae747da8fd3bfefd24b3fd8ae

SHA1
8a9d10dbbd77e225ac094a48f16388557925de82

SHA256
f22d4f1078cf17db3e0aed8c4b37766ea11a28097d4d1f17613c970945790751

SHA512
afd59fd1cca9d9cdad6f08696142fae6c6a0c5e784581a4b316b4d41a7266cdb21daf3f2387101fc8895002d722607db89b14ed6bd749af3e05939ff132efe93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
472f75898e12583da46cd645afe2f85c

SHA1
193272df12f4d97a981fa138a28dfe0c02389339

SHA256
e5949dedc9ebdfcba4e71022a5ef24b3f67615226362c3c3c4a837b879de6e1a

SHA512
ba4dfe57589f6f9d5715a193c89980a998bebbb89f5c67d3739860509d9be7cfd5f9f1d3f8c0c59b612ab32d8e634127e378962d0548a6445cebafdb59b415ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
902e9b8dc53e824c5117a0c733a463a2

SHA1
7c4f1c8317010d20d0bfae384d7ff422d2fa1ae9

SHA256
8c2b660dcaeae3a92cca9956af0a02faf040c8eaa6883f7d8487b88fae3f5775

SHA512
1b70890825d2bcbc4d3c5a91b426e1c22862eb6cb3da11be8063759b7a501f0567f4ddb1918e51cb404af8e42f6e192ad7ebf555776a2792a3927ace18a95797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7ee5d0bec2d03cfbd9c01081fe41d630

SHA1
5f6edd695a20b3617974573088acd82829b726b5

SHA256
86d172b99aa1f51fcca38766367f8b0dc5ddbb6406feafad18a44d5f7aefd045

SHA512
960001f81819d82539a28d40b11210293d16341afe1ff5320b36a99cea60048d503952d5f40320a76f85572aa16fea2083c9e778b36246f698e87a453845c5d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0c1fab47bf22277198f9ce3669cdbb70

SHA1
0e107abed75e627ab0f073d29c0c6748439a1a04

SHA256
3b6d75874f1506458d1845d24052af164f2e9c6d9bf32f9b4325ef4575ee7509

SHA512
22fe70f24ccab8fa304947198f7c7baf5d64a7d25502147a28ce090c87b7d6d15d265caf1304e40d580a1826a2921b0199dc7a09a3ab5072e96d98fad21ee40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
3ddaeb833eb6410c869a7a3d17601bac

SHA1
64a84a0e41ac17b1613ccb321384d8a8165b44f4

SHA256
49ed53e940b92b5c981269aaf88592ee83da95b75cb35113f006eb5e166ed004

SHA512
27827ab06afa5fd49e0269beac6d6078775895b33595a5573308938c6933bbf54b93c4acd8004669fda7acd7929015b8ae9ce458443bd2c62a65a62f02c996d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit