hxxps://lectortmo[.]com/viewer/5af40abb6baf6/paginated/21

Analysis

max time kernel
82s
max time network
78s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
06/06/2023, 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lectortmo.com/viewer/5af40abb6baf6/paginated/21

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133305512661639167"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe
Token: SeShutdownPrivilege	4036	chrome.exe
Token: SeCreatePagefilePrivilege	4036	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe
4036	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 3716	4036	chrome.exe	66
PID 4036 wrote to memory of 3716	4036	chrome.exe	66
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 1012	4036	chrome.exe	69
PID 4036 wrote to memory of 2072	4036	chrome.exe	68
PID 4036 wrote to memory of 2072	4036	chrome.exe	68
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70
PID 4036 wrote to memory of 2148	4036	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://lectortmo.com/viewer/5af40abb6baf6/paginated/21
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff974779758,0x7ff974779768,0x7ff974779778
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1888 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4708 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5068 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6316 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:8
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 --field-trial-handle=1720,i,16596789234457470985,203619238254617003,131072 /prefetch:8
  2⤵
  PID:2972

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AE3A70C53DA56E26B81C1702D6548BFC

Filesize
1KB

MD5
621b6a8281ce9276497ebd2fc5f6a546

SHA1
ce1710a80bd0dfb6ed688c37c8fc066268bd814b

SHA256
280bbc34a98cc79606a89690e52ab72fdc5fff275dc366c4827b1656313e9790

SHA512
d81fab9c518432a64d4625e260d1ff954d60367a12e40ed66179372673f460037ee9d79b097479b719d4af383dfbcc65108fd0865ad266d28482ef7e62c420c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AE3A70C53DA56E26B81C1702D6548BFC

Filesize
256B

MD5
5ef10e2aa1726e15ed1d5895692f98df

SHA1
f787dcaa3d27125e51486a64e28f0e71fdbe8659

SHA256
0c55506fd425678743ee35577e4ab3e94b2678f55dd9cd2d1d973bc005ca0dd9

SHA512
11ee1522e5576c98a69f027a979e6db621b66b5ebb5a25c137fba4adf26db71056cb1489416582c866affdd72e2e8eb7e8cb40515a577fb5959faad05455f0df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\07b8bf55-8578-4293-bc2b-99d4bf0f719e.tmp

Filesize
5KB

MD5
7f75116a76582683251eab4be72d527b

SHA1
6f9884f873504ecd16521052b49f66ac262d2a73

SHA256
7f9f12919fc526b926410b530f3d2fb973a098eeca34f2bcee46333f3d528039

SHA512
321cef291b6b3b0b19e0892885b6bd6684dcfac21dbffc19c8e5e585c763faee64feb61871bdf443422555c980c811eb5e7db5d0665c1ff5d84add9223e4b308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
163KB

MD5
3c9e296a4f1a645129b9d47a8e7be4fc

SHA1
d8521f21a35c88fba003b55f349eb89b138e74fe

SHA256
9fa43fbbe08f3c15235dee9e4454351c3a0c45e9d5582341b86d8bb2eccfb594

SHA512
96d0353d9012b3c98e99ae0586bc0f62098600f1ac24a1fd2e211b59ff05cbe6f5f6bddb54c6dbef5921a3ea60202e83dbc734a6e6c9a78b14aec5596944937f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
7f1e7ec363cd89317045727e7f6a8977

SHA1
68a3e3e17f11b77fe88b4d9d2695aa141269d0df

SHA256
260da7495a037180063d5da4b7977647a6fc3e7cda3297b75d7a61f9c3ed63b5

SHA512
cb173d4ec3364e7812b7c28e90b5a4cb246d0c6742c0970e8236631d9b0ba5e57402b20be732ee06aa26fe8efd6694f14964222a07cf94164b72bb9db6a807e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
c6b24505afd3943aabdf0be2ad734574

SHA1
1fc098070f2f714cd24fce0ced7ddc4069082758

SHA256
fa6eb2cb0019288479cd02204b60258ed7978aa58ded1dfaed765592e329f6de

SHA512
1f92f59e9ced4ae15140b05b669b957051461e34a682cb9d91acc5609163eb2292acd1cccef56d46c55b0a1fb74b8e3524a4c875f72c4c1726bdee603e5870c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5024381312a73fc6ad355d8f520058a1

SHA1
be90fed1cbc5b2673105717f5ca999023fff4ebd

SHA256
c48e033be4a986bc2dc9e81162fba8b631c888397c8f021373fbc48e1cb6baa4

SHA512
4ae199bf740df43a53006a908adcd808ac0a3a0a70ac7719a70729ffb9b30461427902dd220a88bfdf95ca769859f342257659a10e1f6c11fdf2c2e0f5b53750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b29bb57e1dbe655b0871717979936eeb

SHA1
c2e709bc0a06efda99e37c03590b48c479f6c03c

SHA256
9f619640cb88c6ef1c9622baefa306f0c38e5bf087115a6ba9f8c98c9f7446dc

SHA512
f9ec4a129bd797b060b889614fe94c9f77751817277f314dfe0a5f2a0a852bbe3d0ed7a8552bb98d51a7e7adfdb306612e2c4ecc3853521cef3381a3271857fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
10c9a7ed00c0a10bb683c03c68d2b0ac

SHA1
bf3a44bc94feacd6a9efa5f65779b1b74d04a345

SHA256
369f8fe66ba91833ff6ec22ccfb2b07a40bcde571119f92351e5e9923313368f

SHA512
ec3dfa51c112fb86cfa4683432a6b334c1cfa7ea9f3997d6a89878df135c89bcc402f0aad808d446dd68abb2854ba8d576373d64ef5b9f22620884320eb7209e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8af462ea1f56d09a4202778a66418a87

SHA1
7b6791338989082661efd63e5b7d7e0b72f55ca1

SHA256
bb8d49d2d322515930348f6a40d87048424bfb1a1ad2b8553efe19dc8499cf55

SHA512
6c0d6f9184d0d0dadbde30dd1b8a7094dedcfa6c1ff2567fa12439bf01fb87757df5df5eeaea2c84ac2268e73efa7b7daac3692b0d41c6eeb8f3d97cfb619fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
e4fcec9da254cfdf76ef9908c53c0f8c

SHA1
e9b2f8d1f5c86e1e7208aa46ae112dd3daf48849

SHA256
0f6eb81559f52f6ece458413ed1c086b9cfe8d65c715589d0726a491b68026fa

SHA512
eaa821e024e723a620ab7eec8f7f218dee6b4750808ba89b45cde5a0fd4a1df13e24ca50c0e808136e5b606564be8d1416134b215c36193e4314f7f4a791974a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
f81e27b46e308dd4cb96efb34b1af1fc

SHA1
fa0eb348f784ab59b1738736ae0d2ecd0a7a7dab

SHA256
287b1481ddf3a706cf5732adde3042ff098259818ad4aefc6263773dd987f75b

SHA512
0ac708a9984cd418eb79ec086aad16e8326eec98fc11400dbe0710b842b0f724364d19520a46d29a0f61802b8054b29188baf9e0dd9a553499fc90fce9156c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit