hxxps://r20[.]rs6[.]net/tn[.]jsp?f=001eTpnQXOaPQUM0drREr0v_oQiYnEQzg2Y7HP0JUIyiv6CpVZCXMsstGY7tvqNpxWUBOYL6w3htqXqShWHnBLtwWa8_sXKeFvNvTzdBnfkw9IBunksOpDUohO-BYUr0M_FjmDM0EjA9EZQD_oTi4E7o7ZRP8gsEc4QMW375rJ1iJaOjyS-Yie4CXUeiuvBtIE3CEnI0FGbqg0=&c=UED_YoqmQw_E0UgALVDO06ELY-ed0tPgOZ5YVIo18OpcZgpfFr0JGw==&ch=CvRgs_kUfN6lIvmWYYJyfLlNdvoBA49LmWEQiIHZMN64XtKFoWnLOw==

Analysis

max time kernel
300s
max time network
269s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
16/06/2023, 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://r20.rs6.net/tn.jsp?f=001eTpnQXOaPQUM0drREr0v_oQiYnEQzg2Y7HP0JUIyiv6CpVZCXMsstGY7tvqNpxWUBOYL6w3htqXqShWHnBLtwWa8_sXKeFvNvTzdBnfkw9IBunksOpDUohO-BYUr0M_FjmDM0EjA9EZQD_oTi4E7o7ZRP8gsEc4QMW375rJ1iJaOjyS-Yie4CXUeiuvBtIE3CEnI0FGbqg0=&c=UED_YoqmQw_E0UgALVDO06ELY-ed0tPgOZ5YVIo18OpcZgpfFr0JGw==&ch=CvRgs_kUfN6lIvmWYYJyfLlNdvoBA49LmWEQiIHZMN64XtKFoWnLOw==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133313706947399232"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
1300	chrome.exe
1300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe
Token: SeShutdownPrivilege	3752	chrome.exe
Token: SeCreatePagefilePrivilege	3752	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe
3752	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 3772	3752	chrome.exe	66
PID 3752 wrote to memory of 3772	3752	chrome.exe	66
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4120	3752	chrome.exe	69
PID 3752 wrote to memory of 4160	3752	chrome.exe	68
PID 3752 wrote to memory of 4160	3752	chrome.exe	68
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70
PID 3752 wrote to memory of 4344	3752	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://r20.rs6.net/tn.jsp?f=001eTpnQXOaPQUM0drREr0v_oQiYnEQzg2Y7HP0JUIyiv6CpVZCXMsstGY7tvqNpxWUBOYL6w3htqXqShWHnBLtwWa8_sXKeFvNvTzdBnfkw9IBunksOpDUohO-BYUr0M_FjmDM0EjA9EZQD_oTi4E7o7ZRP8gsEc4QMW375rJ1iJaOjyS-Yie4CXUeiuvBtIE3CEnI0FGbqg0=&c=UED_YoqmQw_E0UgALVDO06ELY-ed0tPgOZ5YVIo18OpcZgpfFr0JGw==&ch=CvRgs_kUfN6lIvmWYYJyfLlNdvoBA49LmWEQiIHZMN64XtKFoWnLOw==
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffab6a79758,0x7ffab6a79768,0x7ffab6a79778
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:2
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1660 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4860 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4488 --field-trial-handle=1792,i,14956414007894904960,12408884503985705481,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e54238e9dbfb87ea1ec97bc0b33fffe4

SHA1
d4645f1ab16b2199a98b3a83256c1505a2383aa7

SHA256
5435367515350e15109d8b8fb3a0c78873d07edfd368b238eef3a24104357a16

SHA512
b26159288dd835047336b726b9fc499c8f7a7d0c2261620d4390c3911421edb831aeb4edc3ba869307a5d0558c6a471a85350fea026ce295490de38941c5fa4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
8baab6bca87e51dd5b3e1d541170a181

SHA1
773f5f49e57e743dc814b6496dccaa10ab73bf0d

SHA256
84906eeacbba7366dc4bc7eab6dfba4a2f673bdaa14d93651c697deed08c067b

SHA512
3727fb7677f0d0052757f22f9d600b0f7444613fc9ab57869922fff7b64663bd6290f5eca3c3d57a4d898e2b45fae3f841f57d2745c009e645a980ce15d11166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4e874cc5b697633519d87777cbcbbc2a

SHA1
1ab4f633ddd8afb40b4c904437c780c1bfc9808b

SHA256
4394592bd7b21da3832d932593faf15f57facddc9901dbbe3716843158c0d63e

SHA512
659f8877fbcc3bce3261a371176679a1d764a72c97aaf8dd67e31c66ceb89ff2ab7f6cff9cb71afe3a52f4a9c1e80891e777b9e0cd514d81eb54adc807389cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ac148b60e3759242f68973d918f2c2d9

SHA1
39b77dec4305ce2078bd18ecf55e3fe1eb865482

SHA256
9db9055d5658b018811ca82d1534a07d20f06c296be919d415133eec3240f15f

SHA512
ae37e12a0655c71aa37f2f39271c00727ad51abeb8075a5ee68d0e35f8865fe751478dd2e399b76e7ee81220ae5afe610f3bf53225b7c1adeab34e7c6dde5e55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2918fa36901c12a7b3c3a58791c6c17a

SHA1
2322d18f844663c88cf82d25a49497bb874ef7f9

SHA256
05189ed2dc89dbff358fe0afbc3fd2d1ccf4a4d77240ed67320d3acf447c9a2e

SHA512
a8880b9cb10192765ad65e301a3e480d67198fe6a6eeadd4cb5e8f8ffb4b7cef15322fa2d5432bab1af9bc94e9e66cad37978f34d5741b208e6e24905e4adc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
9c951c2fa2815396bc0383da13238120

SHA1
3f0795038cd8e244c4fe5fb8b75f61e2435442ca

SHA256
425973788c7ab9eddfeaa75c0b171cdd86cd74f39684872c226695034b8d90ed

SHA512
f3a761601965d6647e339f1ed6c8b05b8b5ba6ed34bff02d825f65d56c7241b100907c9fc89aa09694dffc523b8b86073e0a08300afecae4e7b916b7c896997c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
84285698a27e3269a04a3553aa3425cd

SHA1
81c67fdedcf77b98ff2263336b26e7a32d652a52

SHA256
91c647005e781557eaf03afe2ea8b5d876665d0ab0fb1bd9f36193349a38a4d1

SHA512
f821ee5c244ec48cb33cc8c98df3dbaff052016f9eead33f436119b6d8c854393ca7b87fb57d93124dfc74dc2caa211378339156e72404fd316217ccbb36ff85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit