hxxp://www[.]ifdcsanluis[.]edu[.]ar/123/1111[.]exe

Analysis

max time kernel
150s
max time network
152s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
09/06/2023, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.ifdcsanluis.edu.ar/123/1111.exe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133307796562008710"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
3512	chrome.exe
3512	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 1580	1716	chrome.exe	66
PID 1716 wrote to memory of 1580	1716	chrome.exe	66
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 348	1716	chrome.exe	69
PID 1716 wrote to memory of 2456	1716	chrome.exe	68
PID 1716 wrote to memory of 2456	1716	chrome.exe	68
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70
PID 1716 wrote to memory of 3856	1716	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.ifdcsanluis.edu.ar/123/1111.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x44,0xd8,0x7ffeb84c9758,0x7ffeb84c9768,0x7ffeb84c9778
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:2
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2740 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2732 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4740 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3860 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4808 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:1
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3236 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3028 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5584 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5732 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3652 --field-trial-handle=1768,i,4006944772840480766,10498969889202828359,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b4932c386644d78dae2315de6207c055

SHA1
dc911e4a6cef9c1db533d82258d6dced0c047ef4

SHA256
5812c21053979924dc35b4b16c6951f979abfe610bf93498b676faaab2df84f9

SHA512
400455a25914728e939b04fb38331796b0ba021d23cb93b2a60d30fdf001029d5f1b6478f29199c6afabb02413428ef3d9d91c252ccc9c2ca2e0956e2f6d2fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
38fcd4a705aa24558a0876dcc2ac3275

SHA1
16afc092aa1714b9947775b4c71f7396372b7142

SHA256
7ac67207c87f878aee67b102babc32c4b875dac301d5319b938b3f163ba2cf4f

SHA512
e2caf04466959a2f36661d053e8d9f23ecea76c51c39a789499b92c42073b2dafeda805ee2124ea08c7daa6fc83064b01047b74c5d1bd346c032ca7a2f94e8d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
50234b38b6f7610a4f5c2b40c670cfa7

SHA1
459a908ea01bec9af732430b6d4537e6b0b1a735

SHA256
7acc5938da995a8d15c5b53f57328d6e950e31aa00bd260892a72db51f2aaa5b

SHA512
9a07c265a58ff4dae4a577b9bad598df672165bc3bf29f0250b1d1afe2e98a758e3f5046c829b9d7e3c86651f17a48f3fccc8836e96e22bfcdebc4c149e4f68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7419ea8c804c5dd9d80e7c1af0a35bc0

SHA1
1930f8edcc124d659191e18533dd098b516f99d5

SHA256
db4e860839f55593d4938bf20453a1417ee897e8e292f9e604aec550d34da40f

SHA512
3b3438bbd44d6a3eadb2689a0966165f2f3baa845985c8956c255e01300420a64ae08ed8773548e29987781b8c21bbf2f66e72f71a39a6b2fa4b3dc8323ed3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fdd5aa5656d4c06798cc3eff8696dcc2

SHA1
55a7e0bd95ba45c601a2128a81e56a96a5bb0a6d

SHA256
cc621eb4c5af36392231e0a8656fdbe11e0a80ce88f573e20274b8b7b3da9c5c

SHA512
c8c3bfe39f00552f1186ac6f2c887355e617dffd0459cf97c586d3b5c97ae01eb023fa426b2af2fbc0d4fefdeb104c74f40d25c9c9a9536b3a6fa1d5ebfff6ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
213e38467ce0ff70930a5ad39aeb071c

SHA1
553ad3c2338b1e880a2e62fa1eaac584fa6da344

SHA256
6b7384b4e2fbe504b86d2519ac8ffc052034b3879d3cc4cdd1c9b1b998c93a5e

SHA512
247ae8fa1e0cab991784b004fb55a4f3d7922369d4a53cc7894fbba3576c9c535c7a6f426e7b7c4157413ae65760b6b76092fafeae13099389cf5b0262421618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
5e387a7eed6518e70a241bc709c5af01

SHA1
6ee9266532e8635e19bae17997c1ae5c0748b757

SHA256
23ed5920f796a17c6ef69b8f592d49687a0073fdcb42923ae862910bccd6b934

SHA512
43e25d5c08248f9ea2fea317ce7858cc810926fa9f0f735019a249b83f0a036abadb97f31783b722dd3449b99197ebce2f329241ca61626605b2d43825904eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
f293386ecabe4cf4192bfb71b6c2614a

SHA1
48c99702976624d4a97f392148fd3c87fd699078

SHA256
b14eb4086dfeb9c025211a05da4be15377ea5c982faa7bec6dee0e84719ceddd

SHA512
b414202b2ece5ecdefd8753223ee00b37102b0759ec0d9390e4bdaf1cf34da3b2f74fc8ebc3db7ea09b3439a6b758595516cdcd203942836dcb6a8a9478f36fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit