hxxps://come[.]scriptsplatform[.]com/away[.]php

Resubmissions

30/05/2023, 19:17

230530-xzg3rabc84 6

30/05/2023, 18:17

230530-ww794abb28 6

30/05/2023, 18:16

230530-wws56sbe2w 1

30/05/2023, 18:13

230530-wtwtaabd9y 10

Analysis

max time kernel
150s
max time network
144s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
30/05/2023, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://come.scriptsplatform.com/away.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133299512201698487"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 2760	4600	chrome.exe	66
PID 4600 wrote to memory of 2760	4600	chrome.exe	66
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 3004	4600	chrome.exe	69
PID 4600 wrote to memory of 4964	4600	chrome.exe	68
PID 4600 wrote to memory of 4964	4600	chrome.exe	68
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70
PID 4600 wrote to memory of 4456	4600	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://come.scriptsplatform.com/away.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffbbcf9758,0x7fffbbcf9768,0x7fffbbcf9778
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:2
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 --field-trial-handle=1740,i,13803372982251834256,13726322323956509461,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4196

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\71d00d1f-4464-45a1-a36c-0be4bb4c9d83.tmp

Filesize
12KB

MD5
edb3fbb4cd913df6653d99ba60ac0e81

SHA1
3fcfd16b3893f4645d01b923d73aa97a83e20f40

SHA256
9a550acdd9c8d64776a3c7fc65173625981f9133bdff3ae4a878623aaff6f451

SHA512
77f0c44283a77aaeb9512aed5c6828cd3a5a886bed799ec02f84c6054c895ccf18100ff20cd7416e819abfa8991ada99e420b48d10775728d5cffe53fdd2bb57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6bc102571dd348c657fc94fcdbecf7b1

SHA1
1d7b98ba3fc5e8a08f122a2acefafb007376b429

SHA256
6841fbb466e811ef2199517ca6c72a6df0958cdab610aca5dd35a395eedfbd92

SHA512
41225045a81efe43d94157c0d1ca4f76fad698f36f0282dc6167a518430d369f5533be74f2bc140e6e4f54374c7e20eba1a758b467db6a86a1346b749e576a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1c2616e323c37d496ce0b9c211479400

SHA1
47829e30d5b1be1e5b0b0bfecc7b17836fc98765

SHA256
185abce967adf86c621189a9e54936e55f84f64151b16a2cc0d119fc0f318c34

SHA512
7d1c57ec90969d3214e7add0acf0bf575938132bd7ff48200310aa62c12e0e0a63c3a1bdbfdbe895b4bb7088e39c55f81da754803f590cc964571e5e96d525b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
869B

MD5
6f22fadd9e1d0a277aabece390a01f50

SHA1
9e7622c43491d5b2e07fce72c7217d9b242ae5fb

SHA256
07670d8a98ed468bd03bc0f1efa908834ba3b8e9b86286cf34116dfc2cfbb4f7

SHA512
65d4be5b333e812fa15e251a956ab126a7b0a8b7a5863789d30c4f515dffe66ce16c9fa0d976bf97a09d11e0af821b0edb90d5bc42cd420f93abc4034c09ca7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
869B

MD5
aeeb7abf936d045f3da23de9c71d4f61

SHA1
935e998a564f7f223d5a9925079c08185f9780b8

SHA256
87e431cb047aca14c32a3931d2b7744b4896467a6f0fe4ed43ba04454abd2709

SHA512
0e3dea7073c160e832399bb3ec20194648daede18c202920e82132d65c718cc07cfbcf08a7be3a80c1eccbab20d9777325a877c7ddcc56a9705c75d465182f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e266448b2d66f7654b261584ed9a5166

SHA1
2d2e031d80d4807ab1c39ce8b229143b18c12dbd

SHA256
2f2fcd0198cac8afb866e156caf0e5bf5c6d7bbb5a15c595cb8eb1be3621acf8

SHA512
bdb5a8ac5e1bd1a2b8e960748a3fe599ab8e651140eb35856cc1d4462622177dc6390057912ea9dc4b936697c66fc3859ce243bada2a839102c78d29b77a55d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f55b39498be74483a2605d2cd4afdcf0

SHA1
3e6b373ede4d19e3b72a15b67b4e24868ce6883f

SHA256
3677320698814d6cfd361c702e4808ea71e4af98b1063af11d7a341f255da50a

SHA512
cdb02d06ce63712e7aacbbf0f74f409cf2792234e92b78e20c92744249dcec7f095927efe0556621ff244cd9c6863d546e2da0059c55d9325c59ebe6b854910d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21ab9f38220d6924fc4f49d7cd724c2b

SHA1
3c849eab9d221e062fedf0d3f66b0c83a2d59737

SHA256
fd9ebb627e06d2c90c00a6060786432b16f70c594834cfecb3afa794d736cb0c

SHA512
18e053fc04be0c5b26eefd2bf6c7ba34382e8a44c89b6dfb15a941b92f421d5abc0868116bd48b13821eea5a5c35fc6e4b394206a3442599cfbcaf7133015c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4c575f8c2b360ed4b1acff18d1aa3073

SHA1
53682aa048aa03c4a3c7ebd00d7174a77c008409

SHA256
b0ed4291ea8d207b6ac1a7f9f45f64396c2bd76c88b46c0227043aa6d2c12405

SHA512
823eaba8c13a74f7f89e0673197d8768eed3aaad6a28b23a053edd30daf47f35ad3920f5f9f0a78572c7d590e8b0af3ac5bd31cd5ca48fbcdf4187aeb38f2fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56aee2.TMP

Filesize
48B

MD5
becce9fb4a10d59307ef8138a5c6eade

SHA1
423826e2a31d50c7c6f30df25c50604290cdeebe

SHA256
f64dc2ebde14aa302eca2de798c311f41bc23f90fe06f19579a772b3bb1c9f22

SHA512
73772a2ef06ba08a3ce3e8fb6f380f3f4eebf30fc01c912369beba6d23ccf964f9d01432b2100c259164242c8b01543527a0c7179f497bb7349d46c71cc10add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
55b5d8f9c794d555b65cd898bd818433

SHA1
a66e7fe9bd97cf57214970f9fb673385e953a19c

SHA256
0be87d80ff5c694a4ada58ed04063fb09b29bc1acb3c173abd8cb5e24915d62e

SHA512
c9b543158e6f0ec546e021c22f341d38399f8fe554bfc7cbf9cc3adaba2d3e64ca68881f0b43c9959cdc92f0e51bc82e52aa38c278a5a753dae5950592a0f1af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit