hxxps://fa-esrv-test-saasfaprod1[.]fa[.]ocs[.]oraclecloud[.]com/fscmUI/faces/FndOverview?fnd=%3B%3B%3B%3Bfalse%3B256%3B%3B%3B&fndGlobalItemNodeId=itemNode_supplier_portal_supplier_portal

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2023 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fa-esrv-test-saasfaprod1.fa.ocs.oraclecloud.com/fscmUI/faces/FndOverview?fnd=%3B%3B%3B%3Bfalse%3B256%3B%3B%3B&fndGlobalItemNodeId=itemNode_supplier_portal_supplier_portal

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133331974588704332"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 3936	2404	chrome.exe	20
PID 2404 wrote to memory of 3936	2404	chrome.exe	20
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 4564	2404	chrome.exe	88
PID 2404 wrote to memory of 1296	2404	chrome.exe	89
PID 2404 wrote to memory of 1296	2404	chrome.exe	89
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90
PID 2404 wrote to memory of 1064	2404	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://fa-esrv-test-saasfaprod1.fa.ocs.oraclecloud.com/fscmUI/faces/FndOverview?fnd=%3B%3B%3B%3Bfalse%3B256%3B%3B%3B&fndGlobalItemNodeId=itemNode_supplier_portal_supplier_portal
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1d109758,0x7ffa1d109768,0x7ffa1d109778
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:2
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4588 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 --field-trial-handle=1896,i,3017230080380929972,16634068900813313781,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1108

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
3bcbd3dc0c7dfcf1a698d0377c8ca3f9

SHA1
f3f5b6ae458fedbe9e9e66baa31945eba4b606b6

SHA256
c5b4c5482e96ec9643b536f42eb8a226c91eaaa3d375320551a166329527ee06

SHA512
90fd1a54941a46c24b6be9ec541a1e3804ea0ac2ee1922fd113dd194c2cecba5e41e6d48e3295faea40ec38b4950e8a5dd150974cedd64045c2a010508298ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
5fa3773fbcd0e63ae1cd5fe01fa3308f

SHA1
a1b8fb550c8265ee9454a2e044295a4a1d404517

SHA256
f35a20682fa44eca670b9adcfe526458df7068979b09dac2fbf210daa64458e9

SHA512
24c3b2322e1f7e854470d86f3c433277cd3b600c809abfa0b5ef10c16bd09e88660430832cac00550796a1563f27f98f7bd1a8cadd7a57ca71ab34a6f86097b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
144b4d74a79cc9bb15b781c7820f2a19

SHA1
ea2650bad61678d13e1226095afa5c420734cdb0

SHA256
235b3c9c1838e4abec36d44baab4e259cf9f09dfacbf9098eb1e32da00c7859a

SHA512
0dd65d3af62a0c836a35242cae9d5c058dd6395f64aa303cc0f49aede017600057290cd744d2d485a4759b92ccd6e2d12d6cf116bc00911c9baa5b2538ba5a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
697B

MD5
5f4f8e89760b4ad4eb34f70e1c297cd2

SHA1
cde9d761fee103009ec1135e7012dd8c9309b2f8

SHA256
ba6335be6644608bd6eca7f82b3aabf295aef9bce83f13a7043849fc62b737a5

SHA512
469d7a7887b5fe28872b01a2997120d6f34600bed6583be522288378b4bb6bb99c3b6316207617e6be812fcd48987b3eebfd3abf939067be785e60f75d6a1f7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
533bf576655dbeed3a97e9780e1c9f9c

SHA1
809f10e7382706feec84effcd0880a54f97ebf86

SHA256
8c4484a082a0339b678047d167ecd90e3378b7ad90818d78fcef752f21c39f36

SHA512
0835f5027abc91f54747ebb60b14d150d6e1259073a85bea5ff86dbf7be37b6fe2fe04fa498dd91d9cfaef12383c19f61ce8175124857fac0b79c3e0500c2459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aadae9011e1f979df70ed2c6cd3851fa

SHA1
c856773b583efb7c1f89702ae409e31371a8dd94

SHA256
d8ce353c447c274ffaffae66dad4d4a045cc6ae5e57a466674240961f7284126

SHA512
09967e37dade452e54d3a5fd7b087e2d629a41d22deeba3f8f56fcb872dc14657ef0b42793d51a6930b845f626f15b215576b56b7c688ed09a505ba5caaf05be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b7f5246317db6a8aaf28a4df1818182c

SHA1
c61bf81c02272fc7e36ac613054036d76c127b93

SHA256
cfb9b1821fb1e9ec6be5660b40b520bf271706444972e1ba3c80c3ac1d480c89

SHA512
9d0002f90d677e08bfd034aa1bbade287bea615b3d414a38cafe97ed82cc9f215f6a4b7cf753e50417efd17a75f63641324b173342f63d4b2f89dae2044950bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ca3d6016dff484c5173347120f2dfc5d

SHA1
b75d3227ff8e09d790ad6a996a197ddd4477a5df

SHA256
6821d86863cf888192aab2f19a465aa9b1e3499ba2f7f19cc0e825304aaf5415

SHA512
85f31fcf071422ea942b564b8d640d8f61d91d4096cd8e15feb8bd1d0ca35dfadaa27482fc5b09b7a5079e3b2c682af8ca02ec7e71448ca101b30249d4d0fe59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
3948ca5e11843ab999a0163819768afb

SHA1
04b1ab0a39e052e9fc162380c1b96edff6bf6224

SHA256
8c770260093a966b8b0f696f0426fb1df15393024dfecc38c60583041a1b6e22

SHA512
e068e2b71472f9c07c3ccf3abbbb31754b0620ab352938897dd1ac2ffa888c44df7f6e5d89fdfb7ebbe313c589d78db8460cfcb938f81d6e86f51b7dab0f05e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
554789a5bb60d8f42a4663b288f4100d

SHA1
f9974e6dc725af5ba1ce186b13f52fcc549ff3ae

SHA256
7e3e8efc98249effc625c3a95de5bff5b92fc74229a1abfd026859af6141c662

SHA512
f9b3be24a952a39b74d436d3487a55d9f1d2b1e809f9d884f528b3afe08e91a9c2ba9b09cd08fa3cd2edbb1b85c5ab73d6f6320b31431e9c3a073a371df228cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58700b.TMP

Filesize
97KB

MD5
8143661d5c3083a738691b6f44e04618

SHA1
5bab7d7fc822e6f35a9be5e8e569c9f56f3c7680

SHA256
d298173950806e522fc49c491d84b8c305ed4c51bfa850ad89fc6dfce0c962bb

SHA512
59f65f4d563060190911e5f451b71b28b7c14bdbc13c20484cf99260ddf34b16791fb30269a9b418e106e31daa562b0f2481a77ce50748a8bd04c0cf91d930f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit