hxxps://www[.]facebook[.]com/KITGroupGmbH/

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2023 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.facebook.com/KITGroupGmbH/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133408888044549024"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4396	chrome.exe
4396	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe
Token: SeShutdownPrivilege	4632	chrome.exe
Token: SeCreatePagefilePrivilege	4632	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe
4632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 3336	4632	chrome.exe	27
PID 4632 wrote to memory of 3336	4632	chrome.exe	27
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 2728	4632	chrome.exe	91
PID 4632 wrote to memory of 5064	4632	chrome.exe	87
PID 4632 wrote to memory of 5064	4632	chrome.exe	87
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88
PID 4632 wrote to memory of 884	4632	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.facebook.com/KITGroupGmbH/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc65f89758,0x7ffc65f89768,0x7ffc65f89778
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1888,i,11921101665741483180,16025909344213439460,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1888,i,11921101665741483180,16025909344213439460,131072 /prefetch:8
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1888,i,11921101665741483180,16025909344213439460,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1888,i,11921101665741483180,16025909344213439460,131072 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1888,i,11921101665741483180,16025909344213439460,131072 /prefetch:2
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1888,i,11921101665741483180,16025909344213439460,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1888,i,11921101665741483180,16025909344213439460,131072 /prefetch:8
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1888,i,11921101665741483180,16025909344213439460,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1888,i,11921101665741483180,16025909344213439460,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
906d053a25ffdfbd6292fa07eaf6b40b

SHA1
e9bf5972f9129d3d587f75f87af3b5c19dec828d

SHA256
9555596b40a8b7f685a44971f0f6eb444c9aeeab6ca292277b247035455c7977

SHA512
99c04669b0baf0c692470c3e36ea9c9210b334f530f3005a39c0312785c3a531c8234886d574042384e5c5637effa06682a48e700fbbaf99188820a8f670f1b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dfa07f81b75a45cb633f6230b9eae002

SHA1
dde856b3f0bb981e63dd789799e60de40318022e

SHA256
7cd26108fecbaeaa10c302847cfddb1b8a8be6fdba94940f2d9f48fd0c00d09c

SHA512
933491856607ac4d85539d00c1a1828bcbfd5b1ee27a24c732d82c75c178cb2e0ed38a76a9b0a4251e92d5ecaaf35c6c5b2607928a10596fe37d99d556e501f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
ec52e01a7a93ad58747a768d3828304a

SHA1
efe3a2773ac90b1d7fd1cf0fd9d32041f1915c12

SHA256
f2fec4cc868b9c0d8b7939242c6f11b83631eb054e5e01a3bd934679d5b17c54

SHA512
6e43de5285f2d63fdca5abb71a9288d2b01f8ba9db39bad3ff4aeebb1334807f6fc9d0f3109fafcc8760e37dddc5d16c0741316e2f220f6d2b00d78aa9d80fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
2fc15466c689da4963a3db8b2a333a2f

SHA1
ccaa7d916bbeedcc34fe82ac5df45c059da3831a

SHA256
d306d27be7728a227ca5c31c1ef6791f9141eede0b54a2a76ba734e635c17133

SHA512
e31f14c5555d975f82a6bf3a924abd10da78f66c486c0a3133d8aa7a8d39ce33701973035001a3a3be942977679b77bf4fd5a528ec1b942d352f8da9a76d3853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
4e4851d7f68e3bfab073e5fd9924888c

SHA1
9aa070687b51532a008268063ae3f20c40e8328c

SHA256
b0641f671495c7b6b1f2a75db42644df84a1e4d95955925d893d66a03f2958a6

SHA512
a94b16dcfc6c68545e5db420d33c1938d494155b90ae575b11bb026a41ca2829018f717bcc60f8c0eb77f54c88d032d4ee4de7b3325e7c39f0c18d75b43a19a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
6b51d954719dc73fa4821e8a9298d67b

SHA1
ba8e667976b5d7c5e9962361c5f89d400e3df362

SHA256
5e9f31d03c6791bca4034080990f7d4bd6ade6c94b603cd1618da6005b3d1a97

SHA512
521c414291bdbf57792be241168d656000fd787da76f541f80e7580bed6ec8a031ccf4187e94976343d9b1faae8505488dea732a1cc02a0f1fa2a5dbb8c78d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
286f3a40f89807ff740581835997839d

SHA1
c3e33f1e33010bc527537e570c8d124bd0b2af27

SHA256
b29be5568eef61543952e3c4c23f9beafe1b39eb1361ec4d7076910495142aa3

SHA512
a17985707687fcf04c9bb4615308a3284c65c943f911d392fb09c45350cda2f6ad2b2ef07f13c60e7a54f63f17bb7b263e912467af2c6be1ed1a1dce5f65e190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
9ea299b7c732cd8fb87580b0e47a0efb

SHA1
28d5604d6febb8280c8dff2ca8fa2d5e4a913f9f

SHA256
2a494d50debf836106291f528f850504d5872aa6163bced59615cf6aece7b8d8

SHA512
637a02f23ba7ae0de237d258d21350b43143964bca3c8b63c258c64e82d667a675d753105ec8782b3f98610c3da6a97f7ea68fc3aae5337da308edb1f2263030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
3f9daa44c5322d26b9517be08c7b4778

SHA1
5accab4ae5647ced44d60b42445de780d0d36e6a

SHA256
f3c51c24cba36df89285cb36b58236f3e83323ad1cd051ad5e9fbbfad63c3651

SHA512
a3ef2525194ec45f9bb01dcf3aa1528543fbeaf4febc75cdec7ca60fc272956ca64111239c0291e5c7a3f9fb679bb03af35d3ad6f8cdc5eb7d38523b2f76742a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3eddb5bceed131db0ee39cfa96fdd8cb

SHA1
bf44d4b6ca281a696001e42ac2e883f127e74f70

SHA256
c583343810ba647a1e27234cb2bf866685a898b1308c900516a75864ae658dee

SHA512
466606f031ea3ffc14469c54894af443803314dae268045594e7f657a9061bdf26ee3fe5ceab096f765aad4e52fb608c3beae2aec12d4ea6552d48c581185e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0cd70446e456cee7186da5f40ea731a7

SHA1
3444a7c892ce55f372a3d083d9a0545b30364f93

SHA256
90199417b2a49e0bfd86a96c3e6ef009ecf3339f112ac97bd9cf983ae395ec8a

SHA512
ed66035bf7ff13fc7df3fbb6fd8d3367103217ce5fe13988d66a788204eafe0ea381c28b3e3069b6a339eb9cdffc959b0f70f04d74c9138200059c75debb6b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1213b643b9e778a34dbf585bf6fade1a

SHA1
7687eca8e394dc2e596d889b4f79fcd27734ced8

SHA256
e870caaaf957533d00a0d42927549711b6762265c7577e0d1fb1a262ede56335

SHA512
a0f6110982ffdee8a08ccf1001a54b2e008b553fcabad647df93f7176e8c9c18506c13276ab711c0486a0e8670ad4d68c5f918a280f5805ca18aa145635c05e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
b2ca6bc502744e12439d02ed6a0ac3f4

SHA1
de7e50e54fb847761f0ec45de2f77898a0b252a0

SHA256
bd1651ceb4388dc530c0ccc330dcb2ac858fd5cceae2b4e83b80e68bbaa88d9d

SHA512
21830e19577e8c7322ca54db7e0b192ac14e80ab7c0d7011e3578a3bb915d3e253d1485f1295788dc2eb456ab7f74649f860786a493f34274096a1e1430fddf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit