hxxp://vk[.]com/away[.]php?to=https%3A%2F%2Fhealthplaner[.]sa[.]com%2Fnew%2Fauth%2Fvcffc5%2F%2F%2F%2FY2hyaXN0b3BoZXIuZnJpZXNlQG1zY2kuY29t

Analysis

max time kernel
149s
max time network
147s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
12/05/2023, 09:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vk.com/away.php?to=https%3A%2F%2Fhealthplaner.sa.com%2Fnew%2Fauth%2Fvcffc5%2F%2F%2F%2FY2hyaXN0b3BoZXIuZnJpZXNlQG1zY2kuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133283580067233856"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
2544	chrome.exe
2544	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe
Token: SeShutdownPrivilege	1780	chrome.exe
Token: SeCreatePagefilePrivilege	1780	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 2148	1780	chrome.exe	66
PID 1780 wrote to memory of 2148	1780	chrome.exe	66
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3116	1780	chrome.exe	69
PID 1780 wrote to memory of 3096	1780	chrome.exe	68
PID 1780 wrote to memory of 3096	1780	chrome.exe	68
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70
PID 1780 wrote to memory of 4824	1780	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://vk.com/away.php?to=https%3A%2F%2Fhealthplaner.sa.com%2Fnew%2Fauth%2Fvcffc5%2F%2F%2F%2FY2hyaXN0b3BoZXIuZnJpZXNlQG1zY2kuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9fee69758,0x7ff9fee69768,0x7ff9fee69778
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:2
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2724 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2732 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4388 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4556 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4288 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2784 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4640 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3008 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1720,i,6825620975699036704,9179101581157718207,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1456

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
23269b15918ccda036267798ba02d2ef

SHA1
d4c3247bf827dc187cda696c682cc61e6931f0ed

SHA256
a8716b52f67c7e92c4ddefdff93eab7569cdef20f952cd7b1d6a6a44b269a997

SHA512
641e0c460d888e8b8a81020f98ab343f3c3058cdef678637282dc0b4e70612480aa9fb3bb81378d12d607ce2d100d2e33a7f2ec939402f7be66c6586fdf8fca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c7c2023578145e5f7a2bf016cf3b2bda

SHA1
5f2853bc1d862f421e5561b5739d301a88f7a552

SHA256
989d1109004b19aa01f6d3e711113577f2431be186372ee9250cca91971cc520

SHA512
fd09abf446c2464a238a0c52fa8b98d7b8290f65df7a3a689b600fe149fe42953a4b54c00ce62763b1a5314bf0c496b04457d6b5856df6b9adbc23aa2f2c38f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2dd4c2c93699505b27b303cfca5d32c7

SHA1
c75267d4bfa1e4e0b448c3bd5efc51258e78ffb9

SHA256
beeb7a0834de42ed2437b8fc176d62eaf017d4ff17bc9b1814e80b3d23613023

SHA512
214abe6f0337d2b7dd729db4de8c030d534032986dc7e58f5b1d7493dd2c3be7f2e6fdf7301cd158ffed32888478ec31cda3f166b7aff3d686098711fd66ab57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
188ae992a7b96100ae878cfc90adaa6f

SHA1
f93148b0777c2d3bc204c07e0048aa6ba906fede

SHA256
5db442cf140f3443635952be2892c7cd1a48bb77fe1be0ba7d36af196e009bd9

SHA512
22d532d812e4ac09f80cc6e4a056bb19dbd68c7d51927c639f2b858a1133663ac650047bdd9a439dce4c236b63353097d555a2722c5fbd4e16005d4be3c3c860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4dbc5b69d1f086b003cbf0f4566accf7

SHA1
ad44e05113bb0158b10b159c573fe3d8ad00d9b2

SHA256
e76abb65de4cda40fcfb57755d4858f140b277619d8133a02bdf3168f6c203e9

SHA512
a7222123254b5122df90c239f022dca96ce5fc90df5315dd0cda69073b3868fac2b30a75a83eff0b1e0049e9b9fe87d4c930d6cd64f9d4d70cb486c417bf0503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
4bce35df4023cfcf253bd615c0d78585

SHA1
21453cf9908db422436195b5ac09efded53eefe9

SHA256
b3353967cf096aec6df1dc007d28b5b1ff5a9ed9c7078fb42183e67d345ecd64

SHA512
b0f3d32852e6a1f31a60d048b12865d63e8f34162b0f9c6c012827ab62acfd8fbfbdb541b19b41afcfbf0ac6cf7091cf4fe2ddd5c4e7d79fc8f7af93c0f11f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit