hxxp://emiguard[.]in

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2023, 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://emiguard.in

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133292541560231231"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4320	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1296	chrome.exe
1296	chrome.exe
4964	chrome.exe
4964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe
Token: SeShutdownPrivilege	1296	chrome.exe
Token: SeCreatePagefilePrivilege	1296	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe
1296	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 2236	1296	chrome.exe	84
PID 1296 wrote to memory of 2236	1296	chrome.exe	84
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 4752	1296	chrome.exe	85
PID 1296 wrote to memory of 3136	1296	chrome.exe	86
PID 1296 wrote to memory of 3136	1296	chrome.exe	86
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87
PID 1296 wrote to memory of 2260	1296	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://emiguard.in
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6aee9758,0x7fff6aee9768,0x7fff6aee9778
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:2
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4924 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:1
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4612 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2852 --field-trial-handle=1832,i,16270878575532542713,4130066907718293088,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2604

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\s\sqlcl\bin\version.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4320

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
42dfcb9a471f90dc8a90081ec6496932

SHA1
6abfb6f6fa14fca3b8544d5842d0698ab48dc555

SHA256
052c1d5977d90a764953d5c9c5646663da00d290a72f0e8274a2b86e0566d330

SHA512
67566c20a04d3b67b5623c1d90c38947ff9f54cb85167e8bcdab56cc4831ae9da2d86f7002d319c8b00d12d7c7805c5a83cff7e393ed7a663e42f9ceecb1c250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5e37716bdaae4abf50ee67fad859205f

SHA1
ad649e70369e7a1773dbafdb998a07c95cc6100c

SHA256
f0bf590be0f5ed6b5d998ca621d7cbd17a895113bd4961f16bb8c9a13fbc547b

SHA512
e24d2ab02aa7602cd74d3e7022926b8da2622f1996dcd36432939dfcc75ad9c4ba2f521a241e61c0d076ee0bf2a4193c0f20941a545aa75a5856c7ded7ec6f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
702B

MD5
66c445c16537114610dea76a3634a44f

SHA1
1505db19c1f9c61d4abc655153e917b16498ac75

SHA256
19ad7ae80edc97bad404ddd723c6b824741fa4762e867414f06a6ac73814e8f7

SHA512
0ad50f84d0c75ec09b0dd7b358d74ea8218d1f19341403b6cfa272c0c74abca04ab7d72a8732a92745d3c3549d36726d1532a991a3a49a5647ccca1b06c1f429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3be296087403b3a4e5ec73f48267dac3

SHA1
5e50a820be012b5ffd00f88392d881a2e5f5dbb2

SHA256
17c1f6d701aed4b65e0fddecae56c9bed6ae7dd527abbc689821f46b36f54449

SHA512
bce7bc620d47a114c7047c4b76fc28ce06510a0a23d1b38ec3614818e6fdc489dcd0322495ca226ea850c5b2ec46fce8b50eeebac1d31e04e943c1584e8537ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c76d97297c5facc4ab46a88506e4d2de

SHA1
17253e0a91cf77502a94293a808758788ac5cfb8

SHA256
bb35b370d8659e473895c4c461b465188fd6122c36a8577f60e6714aa008a85c

SHA512
2446a807ee902867659b0d1b6a6538bf7d0491ad554497b70a7b27763752d9d104a86a9859431bf9395f75414bec6b6af0de2a716b987dd8a60b37776a4151cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5bb1a0cfa808783f062a92b36f43ccda

SHA1
8cb6f99a039e4e23df732c2433006d8e060e1dd9

SHA256
6ad8636b24ac011ad295f9527b57d36629e98c1a86c8293ea53535c7395d7666

SHA512
23df6e4c772bc4af68b4d7cbb294e3400291c2ff2b2708a9fe75e0c2c5567f5484cbb3acbcc225ba9bd3c953e8e4056d910c881b187e1fc58ae16027eee66a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
91839149a277d94f2715ebb3df177829

SHA1
a53057292e06985888d0ca95911cf2a086d33e3d

SHA256
2a86be0111e5805d13c7c52ffcf21a5d5c8c476e518564c7125fd9b2c26e51eb

SHA512
950637f28eb2904cea4a01f722b2d988a273132735010bd2c94269b2903a7c39d08ac05ad7e0d27959732de50a795a62e82a8dafa818257c76f8cdcc89914c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
be5caedfd850458586ce23ff4f10398d

SHA1
fcc4ef37beadc22b6a5ac3854f430352c608eba7

SHA256
baa317d7a64552382ca7d1c86704406d0bf321f2d0fcc8a151124ef9b87b0a1b

SHA512
a42ae55e5628e368e3b791dde52e5df61ed2b5926d9537166cc7932d9fe240f93af1dd9e05f8bcb8add3d371dddc003c386788ec016d50ca0ae97bd42567a19a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
bba3bb6077ca39a8fcc2f5373c4d95ee

SHA1
67c9ca21e8dab41d672bffaad029f7fa61c135bf

SHA256
7570e77a30f09d3a6de69ae7ce7b941e543fe2d8e50bc75e550c9cb88bfede85

SHA512
8541ee998c83b1355cad4761483e2bb73ce5dd6315b22d80f09088cc8cb9380a0fa0d1ea9100da609f37eb1a9872670fd81c833e96de45b20680fc024ba8c6e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit