hxxp://secure-web[.]cisco[.]com/1cg53MbxUBMp2RyIrHkK7sALGeKmwUDepdOWk96h8Lo_dnMEaVheiBwa7s0rhXJaYJXeVnGX9DeBtk99GfxYXtQ5YmcVW8HeDCPEp80VlI8FVWqtccL4n8tW70B3fxgDH35A24PsnZ7bXFWZ_TP-k1hokWjHzS8ktoGJLZelRKA8yXnCYXe-Xl-dFRiXU3tD9i_tuTkJAACI31OmAi5DAXEpHyTX1jDwHvuBqeu3S9DtWE9Ee2vx-rnhj_kzhZTphJ_Db8CrgoQYI_zpF76ZyZwkrUyzwrGfF5sZz4dEKsZmLqGfpERdHCthcGNC4kGrdxfSP8uOynes3ffsqLXqPOlP-FRy1-gNYIMcZ_ULq7owaUJB3_QITCB0u_tK8WbSR/http%3A%2F%2Fwww[.]fredbiz[.]com

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 22:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://secure-web.cisco.com/1cg53MbxUBMp2RyIrHkK7sALGeKmwUDepdOWk96h8Lo_dnMEaVheiBwa7s0rhXJaYJXeVnGX9DeBtk99GfxYXtQ5YmcVW8HeDCPEp80VlI8FVWqtccL4n8tW70B3fxgDH35A24PsnZ7bXFWZ_TP-k1hokWjHzS8ktoGJLZelRKA8yXnCYXe-Xl-dFRiXU3tD9i_tuTkJAACI31OmAi5DAXEpHyTX1jDwHvuBqeu3S9DtWE9Ee2vx-rnhj_kzhZTphJ_Db8CrgoQYI_zpF76ZyZwkrUyzwrGfF5sZz4dEKsZmLqGfpERdHCthcGNC4kGrdxfSP8uOynes3ffsqLXqPOlP-FRy1-gNYIMcZ_ULq7owaUJB3_QITCB0u_tK8WbSR/http%3A%2F%2Fwww.fredbiz.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295335481239440"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
3548	chrome.exe
3548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 2100	4240	chrome.exe	83
PID 4240 wrote to memory of 2100	4240	chrome.exe	83
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 1964	4240	chrome.exe	84
PID 4240 wrote to memory of 4456	4240	chrome.exe	85
PID 4240 wrote to memory of 4456	4240	chrome.exe	85
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86
PID 4240 wrote to memory of 3644	4240	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://secure-web.cisco.com/1cg53MbxUBMp2RyIrHkK7sALGeKmwUDepdOWk96h8Lo_dnMEaVheiBwa7s0rhXJaYJXeVnGX9DeBtk99GfxYXtQ5YmcVW8HeDCPEp80VlI8FVWqtccL4n8tW70B3fxgDH35A24PsnZ7bXFWZ_TP-k1hokWjHzS8ktoGJLZelRKA8yXnCYXe-Xl-dFRiXU3tD9i_tuTkJAACI31OmAi5DAXEpHyTX1jDwHvuBqeu3S9DtWE9Ee2vx-rnhj_kzhZTphJ_Db8CrgoQYI_zpF76ZyZwkrUyzwrGfF5sZz4dEKsZmLqGfpERdHCthcGNC4kGrdxfSP8uOynes3ffsqLXqPOlP-FRy1-gNYIMcZ_ULq7owaUJB3_QITCB0u_tK8WbSR/http%3A%2F%2Fwww.fredbiz.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebbbf9758,0x7ffebbbf9768,0x7ffebbbf9778
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:2
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5052 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4760 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5092 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3672 --field-trial-handle=1816,i,10131420850375823279,4359081901632808603,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
15230217a038f0f9c710ddd85322541b

SHA1
1f494325a906dd4a13e122ad4131e478d41362d2

SHA256
f063cce1d43d714332ad7d0ecd8e53454947e106d2b2d5a1e7dcf3e64d8d7687

SHA512
39dfa9716a6556f531408f2e3fb77ec9fbaad0c7a0963d4bfe2fca3dffb774c82cdb4d7aaef8f3784573a37e91e75735bc4bc8d26337a564f6bd51e1dbf17db6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
968B

MD5
86cb2e70f30e1eb1a1c142713d911f81

SHA1
09b36ad6c017f8fd5a8dcb67c2f97f136e91868d

SHA256
878e528ccfb5781dad60476e60f2b2ffb1ee66cabeda85a22c9896860e9a55d7

SHA512
02225a5f49b645224bde04d002560cc6b4d2ec21bb05c8c5602c9fde5141a344e15685bf1cd44d0f1320280598f361e2006cbb7a079784763b5d459d6927e305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4a530085f7bc19baf313db327ac9388b

SHA1
9691cd5744d4fa2355edf59592fc7dcb89330ee6

SHA256
1666b742239f627e8a19c595233185560f3d02538a20697e3631c25de33affcc

SHA512
ede0f6b277e9991c36d4b670e6549613f7aeb560404c018e6ee2ed1fc3fa20cb43d16a92ae071785a3de06ec20baa929cf6435ca0803f12425d558f0f34e4247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
50cde82e078e9cf26317b8a25d74773d

SHA1
141e349764fca20a6f28a4d1db5889aea0db6705

SHA256
bf7d762463cae662630477efcda4a1c4bd991ec021d45e6bce1b266431b08a57

SHA512
c06b9763e649a01a9dcb79daf9152d7444f8cda6522fd2a7ec2703ec3cf7a35db38e512898479389a867660a2bfb28b7583c2a10901f9cb8688ca0b04fd3a2d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d7a89364173b5d717a28b47b0ae6d107

SHA1
32182f9aca56fa9eea0ee0991817b7d3def4aec0

SHA256
c8fcfa8b06a30b65e6ebfa9efdaa526a3faee22eb926eba3817371e0f4187002

SHA512
0158a788eef6a280fb152587b949a1da8dec3ff26b5727a2511440667d7a69259b77cac916ba6b331c96d165c146c916c20bc8f64f0d864548c28b71eaecbdf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
c59f9ee7e63f286b39005660fa4e40ac

SHA1
8a13f7b0254e084d3d736e154946c95964f200d0

SHA256
ed2eac7b594e25fa84eea328ac656ae2d41e369544b5f08a0e3e2fbaa042ad1b

SHA512
e2c2a240e0389debeba996193ad506e445e0e96ac076bf12ea41cd143774ec299f3903f2213a45474c84310dd52790d3b4e266d5b2c73ec4bed638164a9f0f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit