hxxps://email[.]theoklahoma100[.]com/c/1gZv7Bk6ycJqtrIoQ732n4TQkghV

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2023, 21:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://email.theoklahoma100.com/c/1gZv7Bk6ycJqtrIoQ732n4TQkghV

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133337576883815271"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 3460	1400	chrome.exe	84
PID 1400 wrote to memory of 3460	1400	chrome.exe	84
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1192	1400	chrome.exe	87
PID 1400 wrote to memory of 1032	1400	chrome.exe	88
PID 1400 wrote to memory of 1032	1400	chrome.exe	88
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89
PID 1400 wrote to memory of 4516	1400	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://email.theoklahoma100.com/c/1gZv7Bk6ycJqtrIoQ732n4TQkghV
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca4c9758,0x7fffca4c9768,0x7fffca4c9778
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1872,i,10645039683008756759,4871386231173689460,131072 /prefetch:2
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1872,i,10645039683008756759,4871386231173689460,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1872,i,10645039683008756759,4871386231173689460,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1872,i,10645039683008756759,4871386231173689460,131072 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,10645039683008756759,4871386231173689460,131072 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4840 --field-trial-handle=1872,i,10645039683008756759,4871386231173689460,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1872,i,10645039683008756759,4871386231173689460,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1872,i,10645039683008756759,4871386231173689460,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3904 --field-trial-handle=1872,i,10645039683008756759,4871386231173689460,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4632

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
bbbe0bc6357065eb48fded78a1b4a51c

SHA1
546cf2b1d4c9a5a5cba114a0587a68f6e6bef18d

SHA256
14a201dea94100dcaba163c6f875e33b28b9ff2a6f2b6f1afffa366240fe860d

SHA512
fa2e45eba20e60ac8402c2fa4c3badf76c33b746e5b2ef7781be36942ab7d82f618121740b980ffe6115c2e027d4f22d399116e87380a16d860758273702e6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3cce50355f296ef0e827b21008e57ec1

SHA1
fe115519676436aba0a0d3f5d09664a14ccb7354

SHA256
54b3ec081c3f14aa066e7e9f82f4677d3e0ffde440605f08886095678352c0d4

SHA512
65b2e815dbda06ca41a6b162687c67ca9b8ae1224e1c20eb8b8e9dfea461e0395d10485e98a4b982d978665fb699dc46c8ba4a974cfcaf39c6f654aae84e4d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
22c1af908adc01fc463fc2b075ec0241

SHA1
fa96f8c9d0d31d47fe49bf1fd036e60deb473f1b

SHA256
d46f8a3b00b5a6642bb8c5045bfd6bd1ae0ea29ac0780e2e1b894bc2e7d15fa8

SHA512
800041b9e12900c25628adaf28f441c910eb9377d9ea5b3db8c4d90dcc4c89abb15813c46cbe74bb2a69dff7cf2a5c5a6bafb47216d9929d51a760db682e9fba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
baaef88522bf2097e3b84326d6e4a3d3

SHA1
7ed09d6fa23bcba470776841d9c2b3a586c86cd0

SHA256
e32edc75e40cc06d293d425f704278655b7b80fa4c846d3ebf0b6a2b01d68065

SHA512
2d93bc5aec44cda3c76a9f7907733ea03d426cb089560cc5c74b81511b435485d4543873b31172eb4b114b63a8e1b6a3f3e950226980f171348fb709d94f8f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2a5e77f20eba793a2a3c3284ed4f0a8c

SHA1
9d9714b5e3a63adcadf827258f6b6774e5fdf733

SHA256
1c473079bbdbef33a680a42f906bda35cebc9103c66c2dd5650e2f5c31a79bf7

SHA512
e24aee6e2a12aee93ad75f0717759423d4c8222868acfdd542ff01252a216300dd7aa23857dd3f70c25c4a827ac2ed4e0106442c8ef54b5bf735e9f45f890439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
732ff725c4f0d2a48562e0c4a3d268b4

SHA1
ab8aa9817940c3c632c42b0b6953074aa29ef841

SHA256
dfd90240f596b9192c3f5e7a2c77301f0a0bb8a52ea2e2c3b7ec524f49dd2ada

SHA512
7146dbb3d4d5bfc0314b4c1ff2432bb777dcf2105066dabe1e4b262ea76f47f7ed1e704527a3841e7e6fe322d877f1391c313dd3fca3979bbeeda8895139b3a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
be44b77562dc173829f4aee44dd8f0d9

SHA1
ab961c0c0745f95074e020c7bbc78fb2c8fc1362

SHA256
d24a19dc43e347db92b8479dbdd0d930ad5ab7409313d7a326767053dab9c216

SHA512
71e02ac9e619cb1d33fc31b62d5a5e279e263eb5439a42bc8bb08472bd33b4c4596c9474db9c07b7cda032237f6af576f57b9fcca064de4f611e7f0b67fcd6f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a8408bb1162e37fddcceed66960f3d7a

SHA1
9988461cdcb7bedf415db501dcdfe0e17769759a

SHA256
2fac418d69d14751739678d8391f83784b351321c72a6125f39d43b0e945f41b

SHA512
cf7e93057d2c607807dde3bb1b277e543fa4c3e8e0cfaabc41cac77a10f535f87093dd343a8772cc96e8c799ea624baf7d5d8c7d53b5768027e292c9dedc0a8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a359674ef9c940e9455aea3b6da5cd65

SHA1
6e38b154ca5b7651de9e38bd1e53575a9e787521

SHA256
def3d29e79ad88d69304f0582d2a99d9dd4bf3db078a2b58e68411b138d2967f

SHA512
11a6ea6a577c8cbde09ceacd6242671415cb0e504f0e3f0ac88b992bf620809e8e77d428f9a1f6e0fddc6e4603504e693c02d767d80eee9150e38af7628fd105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aecf376264657db0dc9e3390276770a3

SHA1
7745a1e68ea127fef9bf979beb27961c811c6576

SHA256
46abff560bada2979c88df10fb0c6e20f0670742cbf959488ac9a6150cebaee1

SHA512
a46909b83a944860edfbe7e179bc38c2b73b0a0b9d3b87176ce523915d68cc53a8411e2cb3fb2eef94b85c7adee55c90237ee7b4887fab859ecfb6de271f753b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c2943dfd572af5f8e7a2642988976512

SHA1
e9418f4c20c0e64a128a8a315163265d5ad755e2

SHA256
e17645930922176ef6ff73f57bcb7b65f2498483f805a8259114447e9718e9f4

SHA512
af9ce379bc26d2604524b866a967f9215099d376d6e89ccd6f4728d01491dedc7b8f8f6e8badfe878c9f357b41a57e288385e72bf839cc174c28182bf586dd3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
bc487344dbabfab31425a22886e88575

SHA1
1b3f9bd59bd406cd40d7f5ba505ee7a19fe14cf1

SHA256
7c77a7e2078d73c3f79d28fe8667036cc33dec3b527260522362662a1bb15755

SHA512
dae9bdea1c277260b4afea322fb51dafc7408b52b4d00ff7ed5b5577c5ac2f07cc9f5bb9ae6c7af4792d3074ba5aea3cb6e7e30922ab2e6670dcac93d4140551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit