hxxps://m[.]filecoinus[.]com/

Resubmissions

26-04-2023 15:03

230426-sfc78sbh9x 1

25-04-2023 21:58

230425-1vx5ysfa5y 6

25-04-2023 16:00

230425-tfx33sbc92 1

25-04-2023 15:35

230425-s1mx6sbb53 1

Analysis

max time kernel
299s
max time network
282s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
25-04-2023 16:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://m.filecoinus.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133269192511380043"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe
Token: SeShutdownPrivilege	3664	chrome.exe
Token: SeCreatePagefilePrivilege	3664	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 4160	3664	chrome.exe	66
PID 3664 wrote to memory of 4160	3664	chrome.exe	66
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4260	3664	chrome.exe	69
PID 3664 wrote to memory of 4200	3664	chrome.exe	68
PID 3664 wrote to memory of 4200	3664	chrome.exe	68
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70
PID 3664 wrote to memory of 4184	3664	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://m.filecoinus.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffee4459758,0x7ffee4459768,0x7ffee4459778
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4216 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4308 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4300 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2352 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3656 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 --field-trial-handle=1744,i,13189343800395563231,9525588655617786409,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
688B

MD5
73f0896932c7487b86f34e3a53c02414

SHA1
e2ec71376d28eeb2576b62098deff6502cdc3de7

SHA256
ca513405a71e41785defeadaffa2d18e205eff78ba3a60be87af9ff248c28525

SHA512
ce59203d97204bcd5bbdd540bede303487915db5afc979e61906b2dc41852f945b000837a0e8e4b6400ae201bbf1e340c06da77868d190c223aaa10be6a713cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7124f9d91957c7209db4b4295f309a9a

SHA1
a45db8699f9585a8c49c2be753f0edcc3ec12702

SHA256
c702180697a4b0f481c5a292b134107de784c3958f3fe05453a68024c9768fc7

SHA512
29bea81401421ddfd2044783ba8a7a0ab52eb6c54d85c1922a8fedd91f6c7a07c795bf0de747296fa4a42bd64ca2e780d12b835ded0ddc34a5973219772cd7fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b19ff6d7f3f7c4600886067acfec4cad

SHA1
e275f33f9f23e1c300ca0a8c06a52030f7a22f6a

SHA256
0a2a2806fae74c1656afdd7fdc59187b903dcb8a9574adc7b8ea9b8129907f2a

SHA512
92aa326fb378bf3a6cfb1eeebda24b2c070f348477e521820df35915f2003f88a464ba9a8f20423cb2a2d8867c185e4135a0689a2425af762f52294ee058675f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8fba0e1bc8e107735eef9ce04285aa4a

SHA1
b535b33d8cdbbdd6f06faaf56cc16af567845c23

SHA256
a88c2fcf4411cb23942e44b680ca2be5cba695843c8eb5b617d782e897fd49d9

SHA512
97266edeba51c020a3740025e5c41734a9da791e8b479c5d92c95f2c9dccfb89d6abad2bde4883f486c330799390b8e56832ab8500d5be016e6d464491aaef4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1d1623d28f8ef38b2004146c85236085

SHA1
0765ff3f83047d71f94e044bb56b47624766e517

SHA256
79405183ab70ca3fac3991e0578062222c325ea9fc4ce4dfd01e99dbbd869066

SHA512
28efbe531940cda946d7ad8037914577049bac4c3fa46f103d7b52a66598a8dfb5c656d6c937d8624241c98af84c5e0cee9f55fdcc8f5c1f3f59e6efe363f975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8cc63b7be1ecd0bacd25c3343111a6f5

SHA1
1f1611c00c7907375dbc45987c1d246be3f478cf

SHA256
672f64ab8175f8be03aa06fbe093c53fc101d7b47a7864d7e5c90d13a999f53e

SHA512
c6119cd64fc0a657e1c029991aadbf597b3b67a6411ae56430ca67bdcc6f36bf2bf5cedd5a01e2096672121e82a1c475f04d1a8dd2bb29b1f013ee321dc6f9a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
56a1799464f834baa4fa15ee10ef4431

SHA1
75a451b7ee9b94f29e40d306eca17bfbb8dcf881

SHA256
acc3ab6bb2b5aeaa6f38ff1335d398713844bbf37f41dfdba055619aedbb42ff

SHA512
682e847c009f82133a919e19683543386fcdb293a4b99d12cca49618ddff90afc124f10071250c07dbcd3d5d15b690c9dc9740d53162aa461f3d7bf9f1f0246d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
bc593b95004c2ab088d3732fec361aba

SHA1
b16583ac77e2c7a8a2b087157aa6716694d6cecf

SHA256
5367aed50ff4443d24f6def0611e60a6e8a5818a61dd97fc03c3d08dcf9ab7ff

SHA512
79654ca2ad03922fe5785c4d73a886bf3313501adbe6bb09d16277dcb85008223e257569acb6788d4d3c0fe72d22e09b686960169f01ba831115d2733a1fc869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit