hxxp://fakebsod[.]com

Analysis

max time kernel
600s
max time network
599s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
20/04/2023, 09:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://fakebsod.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133264629487002313"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
920	chrome.exe
920	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe
Token: SeShutdownPrivilege	3520	chrome.exe
Token: SeCreatePagefilePrivilege	3520	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe
3520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 3544	3520	chrome.exe	66
PID 3520 wrote to memory of 3544	3520	chrome.exe	66
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 3772	3520	chrome.exe	69
PID 3520 wrote to memory of 2636	3520	chrome.exe	68
PID 3520 wrote to memory of 2636	3520	chrome.exe	68
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70
PID 3520 wrote to memory of 3820	3520	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://fakebsod.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd93da9758,0x7ffd93da9768,0x7ffd93da9778
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1928 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2760 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2736 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=692 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4440 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4592 --field-trial-handle=1652,i,11798343403862517901,8238956064484468590,131072 /prefetch:1
  2⤵
  PID:2520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ad584de582cbc400780bd8a29fc96ce4

SHA1
29507652a8e0524e9654e97c56b0799cbcc06af1

SHA256
4a7a482945aad828b436d76470f8c139a61a64530f7a2e5ec1bdd85a335e2ed7

SHA512
fb1e5e1b3af88e6f7047edfa961fb912441165f2eee5e269c270eb9548f7eeb35227cb3b0aa5c0f9e2327702adf45caf7948585947a79ec7f2f8c92f25b57f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
667a639a6d4c0122f67d69a13022b02e

SHA1
641391e4d8e26dbccd48d7883369428264200763

SHA256
8a2a6cdd6a64f168854be7a8a935a1449539d5d2e05a94dc469c9c8c112aef81

SHA512
ae0f4c4a1e6f74538fc60fc73b6f5a53d05586b7846aa30dc7c95accd3ee924c6306e8247fa0dc57585259139d47eec7029cf7e7643a1c06727d5c5c358f31ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
962B

MD5
c4650f87fad4692bdcaeb3fc9ef47672

SHA1
009b4c4ea0810c3e96ca61f3fe8bf15a1755306d

SHA256
74686a1644c1861fd474f2b5dfebd632c5463c5c5c97867ef9be52cf32c246b1

SHA512
d032269c173eb42f099dcef7c3ab85f91e1ab283e39f3a0e8163cdf9e2d1ed2432072f77bd9bceb3eaa333b30965072c55988a8b86a0b066fe130767d8099eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
578f0ff3c2c27948c87c426da16ca598

SHA1
c68da91034b827b5a685aed5a6f19ff9c7c35a75

SHA256
cc37f5a12f7c4c562f427b6b860a619b71809d23576e1051518cbe6a7b594dfa

SHA512
5aa0633fa9ed0be02dacfc827e52f8144be8f1de9ac69aff9e75b9e794b45dfa651904ced2afa66a3dbdc78a71fbdedda9ad0b3946b32dc549be4654515eee7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9f6e87bd7c036a0995abeba7ca730199

SHA1
6bddacbb79ec1b80c7b6ca58bc18eb78b50c0cdc

SHA256
26777a6bed1fbf5eaa9c7f7196ad5282038a8d2aa533fc8950fcc1cfad959330

SHA512
d15e3052941c8b17fd656214c79dbed25d9ff2b9891a7bc969878da66429c7ecee465943218124cb6ab494468cd638f935b12929f84bc782c7aaa64852a467e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
60fbb6e44cc39e6daac815d77d2f89a2

SHA1
e0fa9a9368c1fef2a8649864acba30fa771ce1e0

SHA256
70684afabcb8044ef61fadfa7694002e1cbbd8f5738e01fabd5988e7d746fb93

SHA512
616b6f1109c8bccd3e060aff4c326870328472faba1d9086cec39b4df83e9d75ac7ed859c997d56fbaa526e2e966d8079f76907f40cebdafc915cb231387229b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2f8363c0cbbf37c21c0ce1ef575cf2ea

SHA1
2b95cb57f3130f9f2cc88840271a28264c757f2d

SHA256
2b77a1638894e5575b09819927070ee60b64e2ff8e6864cd309a8da87dfe5a82

SHA512
57b7f14b6fb272fcbb7f1da34d3e2db4cb3018b1beffb0f6bc13c3a39bb79938e4d8fad20d2853dc18d96079492571c7ffaf07decfc919710e6377eeed570950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ac015ebda9d9ccb05db26ef9acd9663

SHA1
a87d5b4c6fe1033da788a2d967a0af95706fa2da

SHA256
d02355b408ea698cf1fb4757534b2894779cf4fd2bc9ad6968be4735280b561f

SHA512
5376b23acb29ed7703d98a23e8badc772722e57b22108a36d6407a55b1d082b4ca4274915b28ea96d84f64fd10e07d9bb19a3ea122a3be81bf3929279c17eef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5c58f98b195c22e37082b465daea23ee

SHA1
4562724c93e78dff053681dab4b10db252c54dc4

SHA256
e0cb2f4b7a3477586523c2614e8c9e811115be304a879b32fab3b9fa4e365d49

SHA512
2df706d9616af301d24030082d614ccc3538699aa11e35760a64f84f485a413ee220eb01dc5172bfc29779f95b9f7e4bb401c161b310f21845f231ff75b06b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
f0ade573d5076a52ee8a7c2c4c10f139

SHA1
91a5fdaecd13bc4c9a745342adbdf07e748625e5

SHA256
fbdb8996fb13e4005f4863d7e605bf95d76e6a20b2f7e30d73527aa5126c79b1

SHA512
d4eed019df0fc56dbb6c1ba9cacc61d9155ac89fc8fd8b3298fc95e1591e75f617dfab4d1a013e9de047bd44aa216ab786c227b9d9914db27842318deead5b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
51f93e3721956687bc4a8547cbab2fff

SHA1
5d59b7283232adbf7608b4fcf566fc0483b5ec59

SHA256
289a3b1787200406d6f07ea85d7eca2469ac18a79adc84012ba5901c77162c62

SHA512
f4d27627fd0ec43b8eab46843742ef9d993b9525e99d4be4a431bd1e46aa635aec0846c2c36a5a229a3752330cf8c323d2c3094634684304d7aa1ea6f61e2e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit