hxxp://www[.]e-sodexo[.]cz

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2023, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.e-sodexo.cz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133334532168230862"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
1144	chrome.exe
1144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe
Token: SeShutdownPrivilege	832	chrome.exe
Token: SeCreatePagefilePrivilege	832	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe
832	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 3904	832	chrome.exe	31
PID 832 wrote to memory of 3904	832	chrome.exe	31
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 2992	832	chrome.exe	86
PID 832 wrote to memory of 1356	832	chrome.exe	87
PID 832 wrote to memory of 1356	832	chrome.exe	87
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88
PID 832 wrote to memory of 4864	832	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://www.e-sodexo.cz
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa906c9758,0x7ffa906c9768,0x7ffa906c9778
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:2
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4596 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:8
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=920 --field-trial-handle=1908,i,17316793808562768573,7685603334029905184,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3796

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
9d429f98be13eede14bf598f6fa176c4

SHA1
f5c4b85d4bdbb27b2132d5a10cedde49c3579940

SHA256
f7b4f81c65f85834b897268bc54dbc6b90e564c581d7be47df6bdec57c7a3580

SHA512
4c8683ba62c1935adc0d7096248fd1f06b4c85fb842c0e5427b7b13ca937e0a5bc93a557ddd71030cc01f796900bc2c7496ceb377c0cf27315b5924375259b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
cfa782b0a007be53011efc288d5008e1

SHA1
aef5fc391467bf4ba6d64c70067790b01d3832e9

SHA256
8d4c2096b5f8591621ecc9d74d9af3867310fd0c98b09a0b2d12cfff5f6ee9d1

SHA512
658a755502d0f484be3a06a7d51daae6d309547165864ac2cde47ec8a24c810e06d82ab5b8b0079fbad7e9c1febf4c49ac28a24baffa4b7fa60a6068a9a7adb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c8a6480c4f39f3b8383c4791478f1976

SHA1
e3f9f28180a9d33040be9b89dc530e14d166e9ad

SHA256
6b42975cd9b16644c6b1650624e06723f7d5c496924322cb1e4e4feee5990259

SHA512
7c659ae2a012036488df0715c2201922783012a536c3fa8aaafa5c3ab856e485aeba5416c29f15031b3f1f0e8f2de7488bbe3c3b6fd312dc1ee20069b1f866bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
006ffb3deb6edcb62ca986ae9db54522

SHA1
661eb763c22ff5ba14e7efc1252c528725b45e9c

SHA256
cfded4fc4d3032ab4faa8202a11158f52e99d3b34dab09e6db220f28f4c6758e

SHA512
db7b0ca52e680dbe4b448b8960dbae2020bef7c7197cf3552f3286d655265b01c61ec7f7d428bb2b1957492489cfa371a3e909ba1b5024ee9d8b4fb9f9321106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
7005f47bcfc9c4dc79f69979a9c70232

SHA1
99551d8f7eb993242aee0975731e2f5f9b6e5d72

SHA256
0e878a8a53e45204a3e4b890764714b4b70f5786f457fe8557fc04d62d3bb6e1

SHA512
37be1ab65859b0993bf47944a8cd8aac56d3c665e83d5c880b58d9daf1872e37a585534abbc37727093e8f962aee856df9068821c80fa0d86bccaed7344007c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3ef087ddc6e258f7e41126625175fe43

SHA1
b19eb3c237eda10e524e9f2077d4d5ded1e5a903

SHA256
9ec84a3286d8451268f69bd10fea14fc644b73d631ea8ba99f0715be4c795754

SHA512
2c1217e05ff432eb5816bcaf3b5ea7f9f166f78173751570bcfa9fba6f599e1442e59a42e344f80bda930a7cdcf974d63658426b6fb388a38bc3afbaabd6f3b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a2a6e3c13ea2db999939ffa9e2331ce2

SHA1
870287bd63e95a3189ede3869c5fe85e5289c712

SHA256
da5060da710713668cf9fc6ae5b887f9cf60dcce667462fa98fbb957fe11261c

SHA512
0a248b8dbd88b8e125b20de920290911129d2dba875d9753da380f1569741604744ad09e2c4c011ce186a5766db6ac2022eee3175e049185b6b3bb57d70ee5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
18520f172656d63004dde7ec6b1e03e7

SHA1
c517d50a1a5805ae5c5161ecf8cfb277aa4821c2

SHA256
d4fc42cf1e22b6df9d9fe558b54d36274c6f8f6499ed76b12d8755e284321eb4

SHA512
5d11a62119a0796fa2230a72288ed1a736309dccc3c40a1ec4706cc8d8c92e389bf42cc7e0ddee4efc1eb5828adc2d698c091eb844237412a653fe8de9e9adcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
543159432b764d6b80c8f2c64c3a00bc

SHA1
94d9fc3493851bc31fbe58025b8bd5eff3729806

SHA256
5101b3b25295ece68ecd62520905931ab7b2cb22c2a8517d31806d4d5a7c3fc3

SHA512
3d961138f834a490962c012818da85372eaa7b01d29a1fed03c7d7bd7e506f0ca7900de58df2b437d24465e195ea10b943b734ba4c06b0b2d98a83d850017cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
df7fea56a00698804b7b43fa4e33df0e

SHA1
2824ef0efb9359085c34cf0417d94d215e52406e

SHA256
2b38f514de6046d07b276e08c68ce9b08e7e3dc3d546bda08f727853c34691d6

SHA512
bf50fd8f412b844983d5425625cdde27982c602f0c81c4840c7c528ebf7695dfeb350cf25d55010237169061c57f62ded4c87ff31d063ebc358b80b72de6bb4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
242bb4c0a66d3a4d18c3e95f4768cf92

SHA1
62b86f6912e4fcefe056d9a1b3ba18b577b933f0

SHA256
3948dd7652f8d5dce1c0b78dffde7ab9d6331f9d5e83776f636d8d46d40e3b95

SHA512
c138b8376a3e3057a76621d8668e3160f8ab2c5798d3200901556e2db32111819ca7fb6ab323c4854bd1a4a5e5184fd8127ae2f7323c5e6eb6f26e1d18e94508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
f14c2ad95cf99a710c004f028293870d

SHA1
f1603d9a46e60dc0168484cc79db9cb428ef8243

SHA256
ba36c0f691232e50250ee73e04de016d1a0d2f8b824f6ba7b857320cbc489ba1

SHA512
249ed3f35e8c66a48cbf7214aee8a2e4c7f955846fb02ec67029f973eb5df798129c97bd871e587d06708d952fdbc8f03777cc5f130b6b04d59109e1f832f5e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit