hxxps://cF4Rq04[.]na1[.]hubspotlinks[.]com/Ctc/T+113/cF4Rq04/VX538d3Qm58jW4Vqc117zM69KW861hN752DsxKN8tN9CF3pyd0W7lCdLW6lZ3pFW2J1Lpf3_qX2JW7rbhkz2TBDSCN2xTYvN57jR5W2-zHCk6TKQ09W8DSC0N6lMp38W4FXYsX2f2jmkW1sJ3S7997_F1W7tDPdv27Nmv8W2cPSj-52Xb1CN7tx_1fRzQGFW52P94B7pvSdFW6MBkdt4hxXnYW3RR5V_4JRnJ6W248d-11YV47vW7lPgJK1bNr5NN12KMNPFh9nxN6NZ5sH1qZnpW4s1NFd77mJc-M93cHzR4_9xN4QfprxwDm0cW28-Hpn786_l-W1kQyb09m5T8fW4Qch7j3SL_LHW59xqSY3ZFpRxf7QbhZF04

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2023 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cF4Rq04.na1.hubspotlinks.com/Ctc/T+113/cF4Rq04/VX538d3Qm58jW4Vqc117zM69KW861hN752DsxKN8tN9CF3pyd0W7lCdLW6lZ3pFW2J1Lpf3_qX2JW7rbhkz2TBDSCN2xTYvN57jR5W2-zHCk6TKQ09W8DSC0N6lMp38W4FXYsX2f2jmkW1sJ3S7997_F1W7tDPdv27Nmv8W2cPSj-52Xb1CN7tx_1fRzQGFW52P94B7pvSdFW6MBkdt4hxXnYW3RR5V_4JRnJ6W248d-11YV47vW7lPgJK1bNr5NN12KMNPFh9nxN6NZ5sH1qZnpW4s1NFd77mJc-M93cHzR4_9xN4QfprxwDm0cW28-Hpn786_l-W1kQyb09m5T8fW4Qch7j3SL_LHW59xqSY3ZFpRxf7QbhZF04

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374249829775397"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 4336	4892	chrome.exe	80
PID 4892 wrote to memory of 4336	4892	chrome.exe	80
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 3136	4892	chrome.exe	83
PID 4892 wrote to memory of 2796	4892	chrome.exe	84
PID 4892 wrote to memory of 2796	4892	chrome.exe	84
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85
PID 4892 wrote to memory of 4072	4892	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffae299758,0x7fffae299768,0x7fffae299778
1⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cF4Rq04.na1.hubspotlinks.com/Ctc/T+113/cF4Rq04/VX538d3Qm58jW4Vqc117zM69KW861hN752DsxKN8tN9CF3pyd0W7lCdLW6lZ3pFW2J1Lpf3_qX2JW7rbhkz2TBDSCN2xTYvN57jR5W2-zHCk6TKQ09W8DSC0N6lMp38W4FXYsX2f2jmkW1sJ3S7997_F1W7tDPdv27Nmv8W2cPSj-52Xb1CN7tx_1fRzQGFW52P94B7pvSdFW6MBkdt4hxXnYW3RR5V_4JRnJ6W248d-11YV47vW7lPgJK1bNr5NN12KMNPFh9nxN6NZ5sH1qZnpW4s1NFd77mJc-M93cHzR4_9xN4QfprxwDm0cW28-Hpn786_l-W1kQyb09m5T8fW4Qch7j3SL_LHW59xqSY3ZFpRxf7QbhZF04
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1872,i,15121904425679412468,10663323804919569923,131072 /prefetch:2
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1872,i,15121904425679412468,10663323804919569923,131072 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1872,i,15121904425679412468,10663323804919569923,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1872,i,15121904425679412468,10663323804919569923,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1872,i,15121904425679412468,10663323804919569923,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1872,i,15121904425679412468,10663323804919569923,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1872,i,15121904425679412468,10663323804919569923,131072 /prefetch:8
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1872,i,15121904425679412468,10663323804919569923,131072 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2756 --field-trial-handle=1872,i,15121904425679412468,10663323804919569923,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
bcaf1558f43a57c5205672723cdf4bd5

SHA1
612c517e882bef229aa8a4618e264b4f441dd970

SHA256
825baf41754c292d07df03a207440205c43271f21269b5d16023b09688b37ab3

SHA512
0def4f5242b25cc060094652bb00efaaf5ae81e7b74d342d1f8ddae1ff98f7097efe19d3793d4be220c97e3ac603443ce0f4ff6750edb86747a5d7d62805f3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
647277a2f85d3c44c975dafe9461850b

SHA1
a538bf902ee609204eb0ff6bd62217d099af2ad5

SHA256
704a1e6bb2af3b849671c64d29697c4aa9971735e78745b8957fb3a8d9451ba2

SHA512
29491e3523bf1f9015c77c6167437d5c49407cd6369af4dbbc0f4821da59a48f299484c335a61fef7c82a24bf823f5654fdadea95526b2199cc7abe802e66db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
94358136c45ef94ae43a204e19f1ed36

SHA1
cf23000afc4afed720451e680b385240e9a9d777

SHA256
0bdd7bba3a46d196adf0e12d98af5fc85d20b4afde92377af71c2ab531c0bb8d

SHA512
f37ace468c6c835997954376d8cb4659abc64c3a93f2e071367d8890c94f9ea0ff2c380d0b8bd51d6a84ccaa911e3992fb0ab24e1d5f30f52f540bd0e131c21a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40c028e628c99942e82aae4cd79a8ef8

SHA1
edbdf4bc427a56dda09e887501910072ae394daf

SHA256
d730585007e25e9651a75f91c6e3512ee82092a4a3146adbd50cc40ccd79ea31

SHA512
5619fe3ab2edb0ebe7aa2dd18696ddbf02dac21f6709bb9aa37afda4f48b84f5ab66ebc441993b11fd3e1b9ea42755dc74fb301b6157b88d9f68e8a7d30e0acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
26489ff5339d896f3beb25907ffeb8da

SHA1
581a2ef69336d737788014a04a2cd3c173211886

SHA256
a2ed03504c78209badb2b40dcbf9fc870635cea357b3531835117dbf50b76eb1

SHA512
39129666ac61cde69906664b398f0fca886ba73f94b0b9c94c39328982b284a38906cdf7b2a276736b13bb2f6dca6ed7aa3049603d839bf5083a8863ba92ec90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4f13d86d1f5ec53db64682cd400916f0

SHA1
a1f22c67f7bb8d288f3f4cf14b910d4f085b0b80

SHA256
576c20fa4bf066ba6c2ee9051a47beac2cbe8c208fd1d2438f1d9fc0a2719875

SHA512
7c4a962e655c72c9abdee4d2a5a339a369a58958ab5d8e9aac3dc41eb8df994eef3ac878f1142a5d790cb2f148908167bfdd92ad008da7b25d652ffbb3aba2ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a27f28091137a971e6807cba6f9d0106

SHA1
73c8c3d7760aad8519e49a2542a7016cac0aa144

SHA256
89180c4b55731dc96e343ce59bdcd940c93c87fbb6ca840eb91da433c9854fc4

SHA512
087ff9b45a36b3c32c93abf27419dad607046095c2a857cd5603d205990b138f5f1293deb64fe0ffbee47dd49b135db03425f114c27dfb4a5d479f745deb53bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
84e991f2c7a4b62ca58d9c4aaa7553c0

SHA1
d5720c3aceff52090d1c9ef13819d7b75142160b

SHA256
bf0f9cb43c5fa3df6afb5d21fe89fbf8656f08f8f98f4ffb156e4ea926b7516b

SHA512
edc5ff9d7717a0c5d11c548246504c8fbbd7a854334f8d53f3815e75643ba6b082c5414d6ef8131402cbef1e698d42c1b25b92e94c262bc8888732370565c365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit