hxxp://cf-ray[:] 7ba7b66d69ea997a-FRA

Resubmissions

19/04/2023, 20:31

230419-zaxg9afb6x 7

19/04/2023, 20:17

230419-y2sgyadc26 1

19/04/2023, 19:58

230419-yp65kadb39 1

Analysis

max time kernel
270s
max time network
247s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
19/04/2023, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cf-ray: 7ba7b66d69ea997a-FRA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133264151549395345"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
2640	chrome.exe
2640	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 4148	4120	chrome.exe	66
PID 4120 wrote to memory of 4148	4120	chrome.exe	66
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 3180	4120	chrome.exe	68
PID 4120 wrote to memory of 1880	4120	chrome.exe	69
PID 4120 wrote to memory of 1880	4120	chrome.exe	69
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70
PID 4120 wrote to memory of 4756	4120	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "http://cf-ray: 7ba7b66d69ea997a-FRA"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb15c69758,0x7ffb15c69768,0x7ffb15c69778
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:2
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1736 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:8
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3732 --field-trial-handle=1936,i,633223238244274968,17024613975166397484,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4392

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1015B

MD5
65391da48dd0920302e60e31dd835664

SHA1
bd781e5aa596ef6d44f49127d9f05c9b8f71a87e

SHA256
f16f8745cf21934fe1117f2928864b30378fc7cc8cbecaf53bd488c4e0d4ad5c

SHA512
203e00b73f65a091447e5a8ce7ecf46dcd0f66e85fbf10c10188977c1127185c30255c663ba8cdafda80ef357af1af89ea7c99eee3866d8d8d40dc0af3f3b845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
8f3e7eae3d42ef10685ebb516fbf8933

SHA1
eb7bcbb6f779e1f7c49069fb9f2700048f7849ed

SHA256
52b1d6c1cd646fdfc19b18d4ad4a87a1ee3d52b3acb554ec332eed8a375b6265

SHA512
39495a9d6a3df1f8825891cf7ac8ea095541fdc4446223f58f625339a139e5424c59c9173140e7f678c64bc4992dbbaf326c5860b0c7e572f288b955f933c681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
abc63cbd3c2e29ad6888bb6741c90049

SHA1
ee184918c6b72a8c355a01c7e743ef60820b0c68

SHA256
fa7e03efcd48e2e26f8420c74246c67c21591cd68c96788ea5c47a224d3bd316

SHA512
59bd5172ffe718da5bbfdb4ab23abfcc1dac0401d2f3c9d2676fd17a98a2751cdc5d9d7d0b2b4f7fbaed0483ffe840ffc5af9f501411690129ee414d559347b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9f3e2bb93dc5a02bdd9ac768d6c0b9dd

SHA1
970b7e8d65580269007585312e15025fed86c670

SHA256
1259fae9db25c51c3aac13651c9e4f07ac56f62c85f3fac3e51e3379c4b5d8df

SHA512
3a57b2ff3e8a4d6de6f3ea226740c51139e1bf6d10ca2ef59d12b977fce8c82c2271cdd41a59c86e72ea8b6e0cd8a75d8dd627a92619feb822b222174891a1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cf5a8c542289de3c71a67751aa248420

SHA1
d30e9ca0b7188b18815844a5dc42b18de1d99d1a

SHA256
3dea2199c30fb1716806957bcb247e54f8fced61ba8ccb20f539e3350a4756fe

SHA512
a72ee1f912d8dad92df59ddc81b1faaf099b777cc30ac8b234c026d726eac7921e5f55555544992f1f60ed361c346d5ff77b93a1d6de91c375a5f49b3e501231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
3ab229f52e3e85964a2c03e61e4941ea

SHA1
8b61230b2b5fc01f6075cb18f69a5dc43fba6c38

SHA256
c156e8e47d9e7cd68626bed87a51af5bad140679ee30d086cb22039c813a8528

SHA512
e391b2aab71e6f74263575ab78cd55fcd27a5daba5d271fcdcf321489b84bd35b63a123ace8ef4c714eb3421166403062cbb4a7a175785e0296ad50e871c2047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
f97bc4d1fa6478e674485576d7aa996c

SHA1
61dec441ce106b9f1903ecc215db02547aacf2db

SHA256
d8a5f93716ffc46166026fc5546a229d9ef34bde255a689fc5ed1a7f1e6e4e6e

SHA512
28abca3757879f0fd85e0f1a6b7b39b65ee0c1f30f619307252a36f0f9cb299be1816e49043694361e22bc011c774c8130cfb2082acc6f35e0e0f58e9110b89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
bc7aaf181fe550e117cd56f0a1fb9eba

SHA1
d6c0d3ac6ebf42251a703aad8a75b3bbe7d40f91

SHA256
78e0938764b43a3a1fb4226300ec2571a9f80c031944375aa7d099d405cfe002

SHA512
503b5fd99c30c94fc2f49120bb44414445a01314e54951af912347456f2acb4a01f128be4a1ddccc0924c1314f92264f568b9f24deec1801261f17e8510f55c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
be6ed3eff874580ddc0b2ec229d3e244

SHA1
42d3473f8d000fd12409f8b510d69f73ceabbb5d

SHA256
31304579b4376e70e15f052b69804493e54fdcbc939914f9eda30cc74791d1ab

SHA512
b5f435f10170ff908a831ba0d58fbd05896a6ab48c2ef87afa437f3ab82c0113fe054f152ef619f4cbba243e38c8046b00c6453ea98d3de4a8b9746aa07919e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit