hxxps://myalumni[.]mcgill[.]ca/redirect[.]aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=hxxps://gamaimobiliare[.]ro/ndwa/auth[//]tjmdwl/YnJhbmRvbnNlQHVjY3UuY29t

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2023, 04:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=https://gamaimobiliare.ro/ndwa/auth//tjmdwl/YnJhbmRvbnNlQHVjY3UuY29t

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133289440378949061"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
3320	chrome.exe
3320	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 1632	4464	chrome.exe	83
PID 4464 wrote to memory of 1632	4464	chrome.exe	83
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 3764	4464	chrome.exe	84
PID 4464 wrote to memory of 2908	4464	chrome.exe	85
PID 4464 wrote to memory of 2908	4464	chrome.exe	85
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86
PID 4464 wrote to memory of 4776	4464	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=https://gamaimobiliare.ro/ndwa/auth//tjmdwl/YnJhbmRvbnNlQHVjY3UuY29t
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffede549758,0x7ffede549768,0x7ffede549778
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:2
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4704 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4784 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3900 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3312 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3320 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 --field-trial-handle=1784,i,8540918877543426407,14990667405330931667,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3956

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4fb7fcfcf54655523aa1b66066170a72

SHA1
188f35ed0bbe2de62c372c073800552b55fa65aa

SHA256
a67b9e81f2e028bdc654a6879d805b060f035602c8057a71a62acdd912009714

SHA512
0423faa968e50155b6a65c8f2fb20125bde7dbac95f0f7565af54dc5c9e21facb5e57b90f7e3435899e2bccf5fe1d8e70875fd778a99121a0c0579120713bce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ee9ef1ca014e10fc0a27ccf141d4beac

SHA1
4e6b8b84e44db5039d714bfd92fb52133ce97fb8

SHA256
38b9edd29feaf74426050908a4008a0219986a8a5d641da4bf6188d13fa0cfd0

SHA512
7728839aa8962b05b42d286314b6152beb44e381b1067068b99a5d6467b6b1be2deaa9ce089843727923a336025e66b3264699de8392a9cc8f0e61d0461a703d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0fc1052c8c079956215502e56d7b3bdd

SHA1
7c145cc83c3dd0fbd697e9ab88c17bd1bce41323

SHA256
0f6a28db94aa6c61d2712d37ffd5611e5f4b36c438440dc5d83b8620241a9410

SHA512
21047cc551b526217fcaf81a006a554301235e70dfa1785ecb1606c9137b3f19292ced171afcaf70998ae538ca1062e16fe737eba5614a3c9aff25fbb7900fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
96c5047a77fc9051271b79ae049cab9b

SHA1
929993bb225258f202f0f5405a0885e82f299e37

SHA256
3c724a5d107b0c582d74622c42a0727335ba896a27cac41ca94c28c3018edc9e

SHA512
bf07d50e3d3e69ca3c2c121a7a5ee932ad0d3092dc770ed7adde16b904be1b1c812d344cb0f39bee5948693737f7ada61d7c6b12a085102d83c5e0d1a8b9365c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fbf709bdcbc2be17161b0697af2aef83

SHA1
1a2b1dabfa977bb9ad43b55e5820dd16aa670d20

SHA256
abf5149f49da04530da9e411e0aa94ca73e2f7387c5e855c8010ca26411b8783

SHA512
ae71cbbf7c71f6818b0155b89d475ddc630a6f867e79d7741a69b840bc8fe7786ebe15c549dd8874e93fcfcf71539581fe4a439e4d5ca3623fb5dcd2bd0d469f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
824c588fb87078bf2b65719b78b195b1

SHA1
ed49b1572999c9196854ad66f351a15d60bbc54b

SHA256
7d9833e6189c90d79f38ad6ddab77ab985204e9419fc014bc70793c915a29b26

SHA512
b61d81df534b972ed9f674faa4c0c262356ba399e30695e195e4f02eafdff8e6f6f2863ed0f607ecb1ebc81a6f1c331d7df7f9127c68d70731192c68f53b3908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5d9324b61be7568ada8df946ad1eb94

SHA1
28a64ca563ec2138ae7f37328063a439bf73cd4e

SHA256
4b246ce082179d687cf3b9e508368197f9f7a7aaf4e9a9e8f51eb3505cd90572

SHA512
d41bdd970a937e9449226b93163d1e9e9e996cd6b1cb3cada5b9b10ddd497aabfdee01ba23cda5f6c246211feadec5a5b1d9d2602c931b11e1f263d2f044eacc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
0127f774cc327ca3eb23e3aa2f94e995

SHA1
602db8cd423227c8e6fac509f1cee741366f752f

SHA256
13276d9442c0b20164d8cf21d463053db08581a13c3833d74208a52242e73d36

SHA512
b7e4edae05d68e02f48a94ce08b12657842657602bd214e7b5c19e795d5b5eda27b483382cb473d35e6aa22415487fd07856c9cba9d726eea467b6ebdad97296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit