hxxps://manillo[.]dk/nyhedsbrev-indstillinger-manillo/?eml=kmv@sologstrand[.]dk&utm_campaign=Lagersalg%20%20Tirsdag%2019%20september%20rest&utm_content=tpl10025707&utm_source=newsletter&utm_medium=email&vt_user=7885949107034322

Analysis

max time kernel
1800s
max time network
1688s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2023 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://manillo.dk/nyhedsbrev-indstillinger-manillo/[email protected]&utm_campaign=Lagersalg%20%20Tirsdag%2019%20september%20rest&utm_content=tpl10025707&utm_source=newsletter&utm_medium=email&vt_user=7885949107034322

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133412321610582737"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
4356	chrome.exe
4356	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe
Token: SeShutdownPrivilege	3748	chrome.exe
Token: SeCreatePagefilePrivilege	3748	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe
3748	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 2740	3748	chrome.exe	43
PID 3748 wrote to memory of 2740	3748	chrome.exe	43
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 3384	3748	chrome.exe	89
PID 3748 wrote to memory of 2172	3748	chrome.exe	87
PID 3748 wrote to memory of 2172	3748	chrome.exe	87
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88
PID 3748 wrote to memory of 3608	3748	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://manillo.dk/nyhedsbrev-indstillinger-manillo/[email protected]&utm_campaign=Lagersalg%20%20Tirsdag%2019%20september%20rest&utm_content=tpl10025707&utm_source=newsletter&utm_medium=email&vt_user=7885949107034322
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d71f9758,0x7ff9d71f9768,0x7ff9d71f9778
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5228 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5164 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5520 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2764 --field-trial-handle=1884,i,10981839234400476837,5739511802737397977,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f6959466c8d68c4c475286a429c0a567

SHA1
b3f86a503baa9a19da6fafa2ae1fb33bd40aae9c

SHA256
1ec5db5042c3640090886db975ebba9f0b579841d393959ce9e788fd6b0b92fc

SHA512
1989fd982b3125e76c894a2c71ab66a29a056f5081cf48685543d0be2c521f9f06211e0e4ba3e0df1c4ae2a933d27d02a14924e2c8dfd68e4fd3b44dc534f2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
dd75b21e49eba1a9658f6a35199e8d79

SHA1
043ff5031c142f7b8b99be6259721b1183c4ba39

SHA256
4bb9fb108b92f742e299db63b1570b9ca23ba28b150a006c0fe504c50ae8d0dc

SHA512
5ca68cdeb92f51722f7b69510511fec0f1d4a74810f9f7c7f8e19c9d3947dfcb6188bda16bee0e5e25c81239a61b9b480c0d0c73d42ca31ee6d7757f7ad28efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2c5c4783dcc0563f01023dab7d2dd83e

SHA1
675dd5bb6b1cec91e8a47943d1570c6840b3ba31

SHA256
8a355785e1db86347d4997ecbc0cb87da5284436940efe833b79da021a0e0c39

SHA512
e70fc37365207f4973e5e7dab963731c1fffdbc86c1987daaeb7a781b8dab3f85ab91635ba0e242bb5fda582e9fc00ba06b380a5efb91fdc24fa3a5083629eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
878ffce27b1c93b34db1b50dc7b8791b

SHA1
c183ee1ad35d02c660f05870547885dbda64c681

SHA256
d857bbe760dc0db914ae3c5b1e8e57ea45ea4c8d0315092fc65846b82e4a8a48

SHA512
cb7b07d479db05ec371d2f2e9dff5661137e0af056f75f2d6b352241656cb757c059e75c8b1c433f5c8e3db0eea8dd3d9d9cd97e025590d93da40af05556f20c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d469fd66f119dc012c43d406e0b2cdb1

SHA1
5ebae33312261d4ea7f770f4a6e093507c02aa19

SHA256
d08a3aee0eadd488d594bc22a0289f40677be98ce172b63504dbfcdde3403a4d

SHA512
6592cf79fb037fa0ec553c5b4afa7d9a21462a99858d5753cb742fea85d05e6711b722657ba347460cac8afea8204703047996cd59ea8163cc148b992dbc18d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
50f76b02582684854fe379d5fa3e841e

SHA1
22c088a8c315d56aa4f2150bf5d223621378ff13

SHA256
e9c4297b4a5d543f47f9eb28b127eb43e401dbfdb11120fed0b265fccc67dca3

SHA512
c37c0a32b077620d59f19948c232a02d8b153ce1075098d794b4bc2d85fd79fd559b5940cfa8a11a35d1b44b50bcdb50ab1f5ee00d48f56452149523b9f26e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e1df07c14428785d4a1fae41a5e7e9d9

SHA1
b2b82636647bb26fdb61f83436bc515c2b3ea569

SHA256
c554b2241cfca9c995c480711b6c4998b90a35b8300f803c33722d27e6a1e2ff

SHA512
f876c8be9036834e73f070f335c6ccf2d8193e95cd858b536691e80805355a79cc2612120acee1516834fc7bef2765c69c415e11427e3a97de9f76a198a81748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e55f64efdae7d77b59b32c4fe7e443b3

SHA1
95ecf0cd6b53845b93195dfcee2bfc8e1c61b0bd

SHA256
10bfd45cff1aa0863985279add1b4bb4b3cec60c221a785e76918f287c257076

SHA512
b1c41026b79c984ea10cb32cf331546eee1076d54d9d77af97d4532c745cdbce828a517c574a6d2c979e1d45ccabc5beeb5947634915f78aa5a4f5f26f49c6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit