hxxps://goo[.]su/TfyXjk

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2023 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/TfyXjk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133320958747662835"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2992 chrome.exe
2992 chrome.exe
1988 chrome.exe
1988 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

2992 chrome.exe
2992 chrome.exe
2992 chrome.exe
2992 chrome.exe
2992 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2992 wrote to memory of 4624	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 4624	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 1508	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 4196	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 4196	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe
PID 2992 wrote to memory of 3540	2992	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://goo.su/TfyXjk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc659e9758,0x7ffc659e9768,0x7ffc659e9778
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1784 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:2
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:8
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:8
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:1
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:1
2⤵
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5344 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5720 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:8
2⤵
PID:380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:8
2⤵
PID:3104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5128 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:1
2⤵
PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:8
2⤵
PID:368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3348 --field-trial-handle=1816,i,5765538409364349824,17307478222669979211,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1988

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3696

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
c495bae620ae6b4930a193e0099411c3

SHA1
05d04defa9a69d27f40e25ea8b57fa646188a7a8

SHA256
a124a6b587eed35aa0263863841c63fd8f96a6fea6840f6d74f8387f9544a9c3

SHA512
b7e88a8a99b28ffe78fdee7cc1a03bdaa5b5e6b236a3a81f58c8a0d856c424f099ed870797e9e8837720194afe61ad15acecd3233863aa937df0e9beac502f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
f1b878cae5e57dee9c9bf34d2856a602

SHA1
820e5517066a8cec0d502074cd7d0c86c62e4446

SHA256
e3e81495a8a447264e9512bb33a4412b934468d2e5e85911171d968f4631e0fd

SHA512
cb61fcd1cd015412cf935d8ff7a84cdbadbcbd877fa2dd35542545227826b3500a57d7d94166f9b3e48fc558c3f20ffb0757de7091b4f2507de7f617aecae03a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
9bffc1cafd9e84b8ca0b06ded83b060d

SHA1
a61bc03f556ed095a9608cb50cf391ffde868c8e

SHA256
8a66707251d67ca43341b9fd193f367d9ae1b54524d2da80cf6061e4330b16ba

SHA512
f1ab65aa8a3084184a01923fe64893ac8c299225e96d12d15dde57aae8bb2229619dfd82adb99e07f193f658b7fedfe336375595d1d0922625c32d205f7cb1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
571782fef2ca6ac1c7a35715f63750c3

SHA1
5d1327db038ba9f84ac892b4d4e921c2f6c9bdfe

SHA256
a56a27b25fcf268e2671efae6fe9697807c0e07ecc15a665b793477b2fffd285

SHA512
a198fd617cedf27452d8d24cedbb20aa1dbb5f8942f03010563075b5a6bdf5c90a86a0d315ffa5c3c178e35d27a6d213c081cb16c218d1ffe4087b4a8c713737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
3461666e865462e84cd5ea61dbafd0f2

SHA1
8156701a995f6901265e71a7e230c97679dd4522

SHA256
00ce460c43550b7d713445ac996beaccdc02b730e9db0539f9401ca8931e9294

SHA512
2cc2004abf9ad10a9ebcb1b52e9c39e8932969c48919d135ff8a2af5c9f3f8b234c8ba7b7482f2ae3d48c4759c0b2f2f12c8f7fdacd720651e11c1c1ccf1b8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
174KB

MD5
cfd9ba62bedd95559ad330a87e099a47

SHA1
c0bf42c3b40f18ae898faabb6efa9842293aa37a

SHA256
976e93217e150f71bbfb9a18cdec0a070ec874d457ba9d3999ef924b3a9443fc

SHA512
046868d5c56af567e51a0d66fc48018142c59c04c37964933e39db4aec61ba8317924031f992df2e76d8548e2c38545ba5b07f51f09f7902587f8b0e619e54ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit