hxxps://www[.]unictool[.]com/

Resubmissions

28/06/2023, 06:35

230628-hcgq5she4s 1

28/06/2023, 05:56

230628-gmz5sshd4t 1

28/06/2023, 05:45

230628-gfvlqshd3v 1

Analysis

max time kernel
330s
max time network
324s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2023, 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.unictool.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133324047345738908"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
1148	chrome.exe
1148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe
Token: SeShutdownPrivilege	1888	chrome.exe
Token: SeCreatePagefilePrivilege	1888	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe
1888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 4008	1888	chrome.exe	84
PID 1888 wrote to memory of 4008	1888	chrome.exe	84
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 5060	1888	chrome.exe	86
PID 1888 wrote to memory of 3824	1888	chrome.exe	87
PID 1888 wrote to memory of 3824	1888	chrome.exe	87
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88
PID 1888 wrote to memory of 4612	1888	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.unictool.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff816ca9758,0x7ff816ca9768,0x7ff816ca9778
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2728 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4580 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5352 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4548 --field-trial-handle=1784,i,17605959925706022296,17278002167426568108,131072 /prefetch:1
  2⤵
  PID:896

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3236

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
2358e00a2b433dd60e89c9e3cf1796f9

SHA1
4f1977f329ee2f73afa52ff568678332b10d68d0

SHA256
25656a255812c7b1cd84acfca773027e0acfb42d2ecbf0aa56d846e9d8b177fb

SHA512
34eb9169867597e56c269019da707a1cf5402bc75671676038a6a597af7d8295cc0c06a92a5a09424e537facfcdd57bcea3b5b252fe4ae6982247580a3cb7864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5e0841aa22c71d91b6c7f63d24d3eb91

SHA1
a8b86b8281d4acc0d95d348c48466bda51e73cf1

SHA256
9b0a3f8c61abcebd2b74ba30cd4b8b32f1e005dfa0a7da2481e56a8ad342380c

SHA512
da40dddf0a4dd962ea87c278d6e97ca5ca3c4fd3aa3398e4ceeee706493dc3a23f95823864a00b644ed6ff2184fb6599a4b93a40ccdf100e65b48c4d68bb6e3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e913ab83e256ecd6743a93ffc3007781

SHA1
4de01e88e13366a8d27b1117ac6e5f57e4a7e9af

SHA256
713d9ff2a649fc298922c247e7ecd44d08e4a1346b6f3a42a8e62917e2574896

SHA512
c594abab87569d574661394e8c57bdb7d7c3d9551e6457e8ea0bd462e27d48a8e12af0759ee2beb847947527e7dcefdfdef29dbf87bfa987f3a9df56eb6ac4a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8758e6f4c63e4d96b16d6e857b1f71e6

SHA1
74d45514a4a38d6e84697ff27a96241d5c4952c1

SHA256
dc8ae63054874feab201b46003ba553ecbc49fcfe41fc780c10f797982e260ea

SHA512
7d49f6a349f786aa4538dc7104d0c2c4cb845da47e25b145bae993062ea5c987cfd8b0a08273f1f24ac6782667a9f12e3504d4e71eace896f3d1b271ee8432c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eca17ed27253355aaf2e0e74b95fa402

SHA1
748d9253012712a1bbc3d9da0b3e52b315552539

SHA256
2a4a8f7c0db1cd32a1156327ce2275524432711a59988f88c9c788671b478021

SHA512
c4ae64fb8804a3c24cc8091e7f38d103c06e04e321cb8b35b2fe2d46ac7379e9b155ab8e635a7441bd28320a3568995d89ad8c76fb34cd97a0f59f4ba6abf8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a59f79745baa03b4a3994bd6f27d872

SHA1
53b0cfabac6104dc6d82095efb6fc09674917e1d

SHA256
a38f749dc2477c83f2027fda97e7327d1f23b3fb20922264253f4283f32350bf

SHA512
6dc065edf26051af3448f62564d8d1afdd9ec18ea12613451c137924a314cde8c826ae1103dca7aa97cd03cd7ca081d63621e9467e8d8a2d3eaabfd471391b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
322dec0485fcd64f985efc265c9ba049

SHA1
a6d4543d2432d68d9cde905b78ac8be06aa65442

SHA256
84bf05b94ad6afd30e45ccae8c9469e6c52ca24de70111d7cf3536b9e2e6b232

SHA512
cc79a30a3072d77e10dc561c9899ff3ed3501c6833f6b2bb2fa46d0962001109998fafaeb00202fce26145a6256f9343b9a7f36b3c50f982d37850d4e6a9b6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aa17f73992ebd4248a0c72b2b780ebe3

SHA1
96b81997c6ffb877d49e868a3c4603402e01aabc

SHA256
18b5c8b104297b58fcde89565e6042d1d1947da3958e2afcf94ba1e6f47de881

SHA512
b2d65412290afb510809705b25e6c7470e0e4b4003a3a27c225b80ecc0a1f91ace3f28d95d60bc53fa54e6e299f2c9e495f1614a713e3bf904bc357d9de1cf57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b02aa15b8b9196ed6236a0e92a3e8c32

SHA1
7ed1c9256b4987f72bf524a4d56431569cd182b4

SHA256
7388d6a0c51c71402f407c634962fc07bb735dc68b32f2b83275c15a26a8305a

SHA512
b066cc7bf7d7a7b6ea359692b6533e1b57d748478a98dbe2dd23c33381a2d3382708971d74e8ee7884d27738c61c1eeb9fc9addc98500e9eb96632f2af14a165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0ab075604d5900257a819faca99dc0d5

SHA1
1d2a9143718e3c16e0ae7924f59f441dbb06032b

SHA256
7ab634b72a2b5fe7a929bf8c755f12cf1a616d2138e9271fa24f43a5569a00c3

SHA512
b6ed6af4805991b5c8fd1d4607346acc50f9b995f06239f952bb2dc7ee7772ed432be0825ec3f6d28836a2ca99a4851ce61f852a94b263ad152990f7678797e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56cd86.TMP

Filesize
48B

MD5
35ef23919705b7cd88aad5d7990deea4

SHA1
47e695596acdaeb90eef12782319f7f4419dea84

SHA256
92307a8a8a0c2ebaa38405d1943b1b7a662d35734439ab5fa1615d5bea477956

SHA512
31f3024a10b8e4a3ba729bf245739663340972c436e5b1a2c7e1e0755e0a860f8690c38af0c441f03fdbe2f9dee04644d653a9e167666c939dfc78e75770270f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
4198020104cf4af0605b135671f3911a

SHA1
8082f662c412cfa8b4633eb0b519bc5b518c4b8f

SHA256
515c7b1db4c6b59301af74a6b475d92470603b7a5bcb3c5553458ee13c22d235

SHA512
c433b884adf792076481eb52dedf13fb6a585ad0e164c6486585f59e37c548f14f918d499755092f738bde7e46eb49ec64ff2e7443b407eff721d9c7a2ab9a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit