hxxp://herbalzilla[.]com

Analysis

max time kernel
74s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://herbalzilla.com

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133367121032670456"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1722984668-1829624581-3022101259-1000\{AFD19704-88CA-43A7-8775-4DEF1A83E8EB}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2728	2772	chrome.exe	83
PID 2772 wrote to memory of 2728	2772	chrome.exe	83
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4900	2772	chrome.exe	86
PID 2772 wrote to memory of 4188	2772	chrome.exe	87
PID 2772 wrote to memory of 4188	2772	chrome.exe	87
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88
PID 2772 wrote to memory of 4848	2772	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://herbalzilla.com
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff995839758,0x7ff995839768,0x7ff995839778
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:1
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4884 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4996 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5404 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4948 --field-trial-handle=1780,i,1568837080198652802,13046948280659259857,131072 /prefetch:1
  2⤵
  PID:3956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
46KB

MD5
a7d2813ef4fcfd951349093a084ee380

SHA1
2ec0e5e23a310968778b1573c51cf913ddbc7d6e

SHA256
63bf3e172d621449d976a8675cba1d9eb73c72ebd9dedf4e9f79cfb518817ee1

SHA512
2ea564393259d1f523c1a80bea16621f68e9e03178228d98f3c7252a60b119a30a9228779785c1e4320e064d9fd071d8a2894f34d136e8feaf680d18b7064f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
e2cc9e7d1255485571d4e512d31515d7

SHA1
beb5f07d7f622be692906e0a0866979580ab024a

SHA256
e16eeeb788dbc64fdcc06c0f2269a5d31a6d0bbc0de2f81255d96e5b342e75d5

SHA512
d5ea7cfa39a672a14ad09e10522631fb182ab09c06037a5cb362deb5bed4e3235a77ecb6259a0e34e823819dae67da65cf3bd13ae46441197c9508be5b2bf3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_orderherbalonline.goherbalife.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a2975848bcfb4f9c71c47e983cd7666b

SHA1
4da9b2c3519eaa55157cb0a95e8f57ce8050c0d8

SHA256
7cb32c4e7df6d4fe00262d32db24ae80d46bb95f1bf0e5c562b65de1aaa79772

SHA512
9edd66c428d4dd5c1a0d0233543dc40e87e7e840286a75e04ff8b917ed181bd2416d3e3d1ca5b10d2861b72527c9f92465dcd26f5526486a845c67391ffc5b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
12fd92976d0138d4c49ad81538865306

SHA1
a2a21081ab5e1207582636ef164abab0f06dff3c

SHA256
d4bc31b1786471eacfe277139adb6dbcb73d3453b9a48da453cbff0fbee4a82a

SHA512
a5a172e38cb310b8e22756e4cc0dea14b77c65952cf35926727c8668c457f2480a9010272aad7ec6c0f758b1cd4d12b56a94889a96fffba13722dee8f17115e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46698de84b07c381c552a76fb37ad6f9

SHA1
51e53c627870a5f7d3c5660551df3f8954226bb0

SHA256
22e9b363a3b9d3ed332b76df5e00dbdd817d673c499e4fd24e33581895162489

SHA512
743f5938ef1020a925f221f0dcf590791951491434c86783a5606571df13179ea626f4cc05703626b74273f69ee92a4a29b08cdb2e36531866162368f93c47db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c652af022c73ce22cae4f6a94871d556

SHA1
1b0eedf381c81bb9ad15e4b2915d4764321c6b21

SHA256
8c691c42d933ba9fd3f65a0f5d4214efac1282ecf641475881e02974c4ed6f31

SHA512
d5b91b5bf59f621ead869d66a2952297bf8f6fe97cfa071574776800fc1240348b90b56f812c40ce9e2c04de5ac12fce5bb996809d6210e1174a0993112182bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
857ccdc35e0a944018f67e3e3a1bdb82

SHA1
86ed8c90730822541e7c28a6c955c07d50635843

SHA256
881cd97265a489c804b4381827db8e607c609681d68ba96424f8355761105c6d

SHA512
e9a730ab1427ff3281981b90815110f1918953dd5d282df2c5358634cf96bbdc772afd560a939398048b4cf4395d755bb67d8457d4d5ab926067be5e2326d957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5774b3.TMP

Filesize
120B

MD5
fbeb99fefb692e50f9f44b7738c8e94c

SHA1
7527d49b76c6bf3ea1a9e2bd9af12c1b898da239

SHA256
1d379dd381811b4b27039168b462516d5d24e984d7914959daab591d013d24ce

SHA512
0e4eb48d00cf0fbe588906aa73bc19f0e99c9dd9f58c6d71ed2a08edf93fd16a8b2b92311244bc6cb0e835fbf13a40b136a048f9eb48759cfe6138d720547002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e733139522332721cbd92105b3e9e4cf

SHA1
611d510b6e7f5683c09d05908c74b9448bfb87e2

SHA256
dccfee71b6e80c4b161c58b38ffc26091e86b379d8265e96836462adddf19cb5

SHA512
1d559cd79d027c47de5b2cd4948acb965f9eb933dd796c0e9572e003543953d180782ff58ba478d3588cfe5e2ea81cc599434d92b2ed0e97054f082eadab6410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
291f02c3175c6a0d353d5d3aefedfda1

SHA1
011b40c44786d11bed3b720720ac658867b11a7f

SHA256
f85718dd81fd21272e2bfe2cd83523cda4f6350cc9668a5bafb8e81019f6476f

SHA512
b95c32862d556422b077031a04cae6063a179dbf58f15b97d51e69751bf609800165bf81870240baf79c835710c2c67a0300587c5d16c1ec578ee20435d0f422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit