hxxp://webcafeteria[.]kulcs-soft[.]hu/redirect[.]php

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://webcafeteria.kulcs-soft.hu/redirect.php

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133370863717732662"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
2096	chrome.exe
2096	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe
Token: SeShutdownPrivilege	4228	chrome.exe
Token: SeCreatePagefilePrivilege	4228	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe
4228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 748	4228	chrome.exe	65
PID 4228 wrote to memory of 748	4228	chrome.exe	65
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 2016	4228	chrome.exe	84
PID 4228 wrote to memory of 4968	4228	chrome.exe	85
PID 4228 wrote to memory of 4968	4228	chrome.exe	85
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86
PID 4228 wrote to memory of 4864	4228	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://webcafeteria.kulcs-soft.hu/redirect.php
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff734e9758,0x7fff734e9768,0x7fff734e9778
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5052 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4924 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2452 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1904,i,16524319313767189367,12470758453106289951,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
8d0cd67342c1aaeecd2cd62cd14d33fd

SHA1
411d9c343d330a95ca9a7f9e4a0ba36505b524d8

SHA256
45180ec0ff99524d0893fa1f14635af8f98fb349249b7734e79ce7deb58e39ad

SHA512
89bfb5355654cae22b4ba868bc6e52c64cc7dc2ef265eb348889d3562b83c1b6d9dab9d2e98c1920f9ee406f1990d6608c6e481b4f6015d55379543707cc11cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7ead146ea2b8ff4c9dfdeedcb77d1a7f

SHA1
8a2bd24a1fd733511b93b54dc93bcb964163d0bd

SHA256
74e6f25c9529cd14e99af92c85d61303093652829ebcd6afccdbfbd9b494e70b

SHA512
cbc0bf51e94c30901abcc94294551da6cec4576219bba310abc41e5656f1011113fafe2f6d458e548095f862bba5561c835af63d35bbfd976ff5d86e1d20e615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5f05421e32148fb2dca178b81004c95a

SHA1
1ac7049dcac02efd6a5a8a575442555ef3b0e30a

SHA256
26cf61b31bba3decae41a27711d186844cf3b1f6b636dfbd3831c5e039d39d50

SHA512
13d931d9816f4fea8c1f96475a137c31b1c4f02cab962bec919e0ca64c432a8bb2cd12edeae861c59631a47cb70032482f26cb2c365f1dc29108e91597a2de33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e52d1aac790d9bc180cd206618de8cbe

SHA1
9deeae0e0d411948c578b3928fcf4e5c2bec11ad

SHA256
6e5517d8e3bbea6ba291a09c3faa4f3f44104d3e28f8b6e43541910b3d2f5f88

SHA512
971c1be5f1a7461e63e325cfac172005847e8b4b0a09b2a491feeaa69f440e25410dee2368c8f2834b1094d1bf8cf6b8f3a1fcca271cb1c5ffea615a73580639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
77f7b5eaff6a4c27edfbae204ba85523

SHA1
eade07d49733ccd942580f4387a4a1e3acb63a39

SHA256
8189e5c8a0181600b35a1d16978c3eee4ecfff1ea352002324a24bd6dc1ebe42

SHA512
6a8298d038877f9939184de7eb0415ec9ee21e748f700446957c9975c87acd343b3e3d795330934781a3b9d384910a20507f67b14c8feb336c8c9c0100fdaeed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e1a44e49e500504e483069d7b24ffa7b

SHA1
ee38dc47861565a4860a80175932c0b1b29047fa

SHA256
10f97ff548c30849827b13e86db1d55db92a23a426b79ef1ab2bc4aa9ce5a673

SHA512
b779a3679eba5203ceac7052c659dba57655be5d584190e2630c00e46a738b4bccae76611195909a73e68dc3b64fe9595497b26c98af22ec041d3785aa94143c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
80fb851445e90584d4af941f37db7c85

SHA1
ad6356bc87b39e9572cc03d582e83dea4956e469

SHA256
a3fe9bdd256c084da73381873c9551fed41a03b532566171b0b5fbe918b57431

SHA512
f1bb910fa22f76696d89d466e752d067743ee7d02f6171078fb364e8e4c9d47b143707e7d949ed946a7693a67755fadb805195c24b3b416824fb0231ad495839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
714c17a050e1035fb7eae6c9b4ae2a9f

SHA1
95f9fcb3f8aa7fae6aa82b659e0c5104a98ae96b

SHA256
0e8250b5345552d8e5aa9509445e198455dd2b71023c9cb910e40041d6c2eb9a

SHA512
bca34b8d7480af00abb5fca8c5ffa2252c771acac26f9785519dee7ded072b093fd35840efbbf158feb55f287e859de00a514b63b5722e0614a9ed3b83d12c20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
113ed22b423923765ce69cbbe2a9ddb6

SHA1
d11748ac793dbd8c4c8fff548fd46dea941629fe

SHA256
4e31d112bb74b67be1ab9a174c9e07ba15779775496f42a9ad2e2b15f3f2ca07

SHA512
aef2ecc96e2b021bc5bc8d72cf72b504d702388a3fe03d2dfa7e0fa868727a3633bbc22c34c35825ea15a82bdd235bf7e78440bf1a7e59b14fddb2f3e5cbf13b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c59dcbcc36e08d5b7923c2bc8a9a6837

SHA1
3d208b0f339d863df4aa0766040645776bd87053

SHA256
27d52596b67d6fca575d53ba91d5cc1cd53b90df2f1595600363b3044cf43cd0

SHA512
de207eea0dc0552fad68b82c64818ed28280dfeb5efe8be42e3e655f57b9d0f25209ef3fed504597f0a066cfd0744382c510e351937f6391f581b70b83a270d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
deca2ceff1bb5a446a9e70b1fe028475

SHA1
27a2703f7cbc4a317db7b6a999e8f2bbdb95e2b3

SHA256
4baec3bcef571c0215642aefe9f8ea7aa0e73ba060f8d986ca004411f51ee978

SHA512
2956b3d9913bc085533304317af07c3f9134fad65044790779470835bce8cdb9c878987eadacba8627fc691a12ba28c365eb3b87cdbc552b05879b94c7151456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
cca614b90a9ae66324bee6d6106dce69

SHA1
2c869bfaf6c8eeac3cdc056e18015bc1576cdcab

SHA256
78499eacc25831a5d05afbfe0f2590b436db134948c4c5864c7ffa6ae3f8cf55

SHA512
0a4ae05072d64015dd8e91b6c5eaee297d7ce2fac20f4d0a4c64e36e17963c57ffa3573780c84fb395c826735834722a244ae0dbf8430822dac8c4e9620e9f43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit