hxxps://www[.]freemanco[.]com/store/show/landing?nav=02&showID=518661&review=true

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2023, 20:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.freemanco.com/store/show/landing?nav=02&showID=518661&review=true

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133325447375763632"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4304	chrome.exe
4304	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe
Token: SeShutdownPrivilege	4404	chrome.exe
Token: SeCreatePagefilePrivilege	4404	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe
4404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 1892	4404	chrome.exe	87
PID 4404 wrote to memory of 1892	4404	chrome.exe	87
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 5064	4404	chrome.exe	88
PID 4404 wrote to memory of 4116	4404	chrome.exe	89
PID 4404 wrote to memory of 4116	4404	chrome.exe	89
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90
PID 4404 wrote to memory of 5068	4404	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.freemanco.com/store/show/landing?nav=02&showID=518661&review=true
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4c589758,0x7ffe4c589768,0x7ffe4c589778
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:2
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5064 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5520 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5260 --field-trial-handle=1812,i,12826615207762222880,1496886860164047907,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
b6c6c689604d51ff69191f0ebf3e1344

SHA1
6f043d12ac41326297aed0e48a5e2f6fc61290de

SHA256
44ff2f1f0f8c857dc834050cf773d1c29e46e75070415ac882766652b0cc6a4a

SHA512
e865c1343dc340998fec21be2c42f7ead934f04e57a970458ddc6955aa1f029763fbccb960a67f1f0b2ac1e09aeac801244468a46f81ed6c4ce61f5a13ff0d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
728f2318e0da78a9cd67f9e386a3215e

SHA1
5f5b056d54348add518fa4a102c86eb723056e78

SHA256
f75f8976e5824cc6a2d5c54ae5047c2356773550dee12271856a50858ffc7c55

SHA512
6548dae75f3ee42c0e695cb9d7bb89d47d0eeec80695f4b2abd8a2488183ff61b69b3d625f74332e4020a896c343755cf9df3e35eb0f3f2713d36d35ffac72c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
89e108a94d121b1e948793a471b9c414

SHA1
f56e661cab56238539001df83eeeb12bc9b387d4

SHA256
1e973b3f1d731aecc34a94b3e91db3743e14b5c70c1bc78f773a28804908327c

SHA512
95495bdf5fc0a0a11f4d32e85953d1ca4ccfc3f60550c6c28eaee9b63f83da702368502dd8aca58973903c68a6d6fb1e4cfe9c1d31c99967beb50bcd85717897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
626ca45d8c6e48420139239d92f37b52

SHA1
587685837bee95ff6a5ac8c27c53eb6c9d793172

SHA256
81711a62578b36e991f2bde13f11a163d2c53168d6a0d43a19e77cd14ae72ee4

SHA512
a215fafc5a6c219d658ca5cbef6074d51864b5b6a84ab3c4c7ed86fedd0bd2bd6dc046ddcabc45960b3e54990930da77e1ff40454290c4985f56bc7fa3219aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b5795a986ece3ba83fd98a99c05d491d

SHA1
feffa75f2f321001176fda3b09d068cec42b3329

SHA256
e9ac15d137f4552eb6e5643a261196fef68d223d8b2e26034c3c152e4b25af85

SHA512
db3e7829356524f720bf98bd20aa23c349fe40ca80d844af8bc339f1fd25d3c501a2493a12912522bbd3b907052eb2d33a92c03f381aff034abeef688b99827e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96c264416deb7a3bb4b5737c32905243

SHA1
95bb53aa1e9e30d1bc04352afeee7e4b1aed433a

SHA256
fe47e9eb2aa5dc3633db208d4e0dd2a1fa7f1da7d8e5be42c9d04f39843c5cde

SHA512
e5c10cab0b3e426d35b2b67efd99d1f985ce1aed4b6eb18c0a3b2306ca1896f4b84153bc0e1ce0dc127b0ec4b64eca554e75f80cbcff6801e46d96e61c2b2372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5cb9bf6856cfed0bcf82bf1a52d5b941

SHA1
c5a9131d8ae19a75e36bbbd40d1c393e66b50aaf

SHA256
c587603f99092d330357ac19d75a1ddc9951d4e5832a56f793dc8b6aae5235e4

SHA512
fc0c7fb1881918b32f87e4b0b05d6ea9e5f425bcfc304a9ddea31ff21724d9f18b0e9db2598cb0bacf1936efa08ce7a21acb56ced5a61cf375d4287d9edcb052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5865e2c8ab5dd668be64cfec9dd5ce32

SHA1
fa9e560e323fa3ef96ae507ea0f8fa8c98c4646c

SHA256
773994019e6a2a4b5461314c4d4058422700f645955535888022bce09f267c40

SHA512
c245088e0b2d81f5d4089daff3a95fe60679e11e7393de9bd8f038f72c369499c03a912acf56b2f1748b35c364fff60282a05fecfb172d5d7a9ced17f80a3f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
95b03ad367bdae30861cf088da082ba1

SHA1
858def15600abe17b352c52317d642f6bc2d6fec

SHA256
c84651db47b46ada4c413c7773fccb173c6163821524daf2e2754a0467c4a51d

SHA512
57392e9c28cb060ed069c25c0caac0d211819bd82a53017e8686275a387ce68299962cbfc50296bc74e08e7cda505f9c2b728e87675e098364bccf3931903ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
549adf45b11fde8e370bcf9082551ef0

SHA1
353c8a8733905f6d55e9a68ea9e4160cd69a904b

SHA256
8da110e11feeda84a63c722c7362c6e2cc00d70ed9196337b1a23d774d24067b

SHA512
3c3b83ac726e9f3f3544d2ad0b06d6d1499cedc5456f02d693dadf3d54d1399755ce6f7c641b02d1ca39eac739505abedbac99755cf3be8837459c646a17c4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
982fbebb74714b36f638d9f3b600c513

SHA1
bf02de457a99d450796715bfe397289a144703ba

SHA256
7cd1e4e9141ed1c7f90b4e5f9cdd797aba1cd4a4b3e0bf7682bad7f53d9ec2ef

SHA512
1c47c01e699c3ead9fbfead4094438aa2ba2e34f23e37d762c4d33188caab288721af627ef8af4e4a4253f6abbe625ac2a568e055425cda1d94e15a09cedb00f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
63f9853b42b3a903dee3c5b6aa47ff08

SHA1
a4ca99957c08d561f1ebf3c1ab2b42160662dd5f

SHA256
37cd3f8b1b7ef7643105760fbc3bc8a72101d5dcf3097a581ef7b949a73844c5

SHA512
2385caaf871f7f0a663685df93fc59ecbfc5708172eb9b8dcd67de4027cfc73308694f1359801a094ca683af96646a445477375a78ce93ec4dd210abdd212e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
005e1316ce6fb4503966ea0d9f4c6693

SHA1
955bd1ef41b4ef5301480662d43cb097650863ad

SHA256
80ed07991ed7e69b56b8da20f6e2a31b2bbea45e4e3e8bfb04f47a501b161f52

SHA512
7c9468deb34f5ba44ccbc2e8b1bd9e02c353b037b49b7d2eabb01440a28a8f048582e066ef789f2dd3dcb25a0fc975fb7d290e911a9b6a0b1331e95616ad5cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit