hxxps://tmxic[.]app[.]link/13HXAitqjBb

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2023, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tmxic.app.link/13HXAitqjBb

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{6F3BE9C9-35B4-43EF-A907-0B001136D655}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133337320810415105"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1120	chrome.exe
1120	chrome.exe
4624	chrome.exe
4624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe
Token: SeShutdownPrivilege	1120	chrome.exe
Token: SeCreatePagefilePrivilege	1120	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe
1120	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 4800	1120	chrome.exe	53
PID 1120 wrote to memory of 4800	1120	chrome.exe	53
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 3816	1120	chrome.exe	83
PID 1120 wrote to memory of 2540	1120	chrome.exe	84
PID 1120 wrote to memory of 2540	1120	chrome.exe	84
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85
PID 1120 wrote to memory of 4596	1120	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://tmxic.app.link/13HXAitqjBb
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd67a99758,0x7ffd67a99768,0x7ffd67a99778
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:2
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3920 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3756 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5384 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4016 --field-trial-handle=1844,i,216288863253845917,216752825790161260,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3684

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
PID:4172

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b31fc60e5bd9115870e9094972a1c240

SHA1
ef552c6bdebb1ca631836e32096f38eb94e4671d

SHA256
484358f7548ce323aa2482cb701d0fa51282f47a25e63a02f7ff0614a5ca262d

SHA512
b8d061f617e7763fa89aff1debbf41918ce61c5f59aa72afbb4f3b07147ff2f9f530251d4d82fd12b456d98a0cf6592bee9de0793f19df14af31da555e6e0466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
66072f2a4bfdebb9b85e3686454e4876

SHA1
f4fa57055816b41e9c189b88ff43bd7f7d274800

SHA256
8927457cbaed892dc0fd366121207e174561b63008270290e261492728d628a8

SHA512
67ff1618787b408ea07033fc6793b3f25fcca7da1a89c7f41f1995a200c13953330d8746f803024aaccdbc842a8d6fb3c1734318daef52482cbbc65f0d3bf059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
f1a7540af7243bafbf89701b276b9946

SHA1
a16968be674e08faa0df0c6f7e814f537be59f55

SHA256
a998904c8a759d10c10b9e2d357a10eb2139ca342669c3a3fde3438431382856

SHA512
b4c39caa2c6bb64f669b2bfddef44c4d14e2d6e9fcbbeef343cefcafc272f06a2fd41a1d953e8b8b07e93de6ff3f80123227893c5e767485ef4806c50fd2486f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c228f9fe83094ff81c4113cdb7e85d5a

SHA1
2d51bef8d1cee22041ccca96a99e0aba739ec958

SHA256
3cf9c75f905e04504261a686da39f8292a10709cbd4b55e8bf06c299dfb0373a

SHA512
9e4b48f58216f5c8ef793314822b4af2208196680dc6766ea4453db80708f55dcd9c842a45860a7d9638f1d71e99b064dab773ea9943dae5e89cbdf031528f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
39c3d8c7386c54b432c27511890c663f

SHA1
e2cb728be02bf56f1e84d0c8a2a61354491e4790

SHA256
946955c850b18a77ac419f8387bfbd2215939cdeeb562f9414aab1363911dc0b

SHA512
04e08d589cf24aa8240180c2847693a450f6bdae551fd4dbc0be7a6a33b32de5b0b7581e81b5e32f9748d099d0e8a273a8a42d6322702ad701fa428a8d272594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f63d92275afac3fad905024a2e6d83d3

SHA1
df7dc7be09c2bd43d0b9e86c04b16b687390668d

SHA256
cc8d78988c8b3c7a4800758edbf9408d453b1fb4cfbdb8a8fe8eb092fc76f842

SHA512
db86446a1cd7d4c555ff242dfbaedde91aaee42fae6732f4c6d1f5dc3a0113ecb6682818514f29d5b976053b026ee8755dd570c04e4b28dc926e08effea33064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
264cde6f2d0fd4c51d3af85e18d89978

SHA1
bdcc37883c2a68487e84bcd14d3b6cdb5841e102

SHA256
5fcc95583399894dd78e155950f02f37a8ac461a4112c465865bb9ca14efd205

SHA512
61231ef0a50701e226000da08e5c1b05d212dc5d6c91f82015cd607c97a192b2e6bd52cff9d75e63a43ef74b8076ff4f03462c3da43864006806117d041bab78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
c2ca051d305f69753c9142b894e8ca4a

SHA1
436ddc2674d0a5184c4d5cc2fee1d548108c946d

SHA256
d987452f31f1d80420fe0c0ba5395c5fca12858fa4989b3a4816c691951f62f2

SHA512
a4d1d1b8f0a90abb9210a2f466411ffc0d695f9fec4ac16ee9839cd5ad00b74985409f769cd029affaca37e60944ad1c6ab3c87f5c24676758f683afe53259de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsuA7B9.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit