hxxps://uwartsandsciences[.]sjc1[.]qualtrics[.]com/jfe/form/SV_8ojBqxxo58jeCzk?Q_CHL=gl&Q_DL=EMD_R0BwfMMJra1ajaF_8ojBqxxo58jeCzk_CGC_2NIPW64BqnSGyye&_g_=g

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2023 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://uwartsandsciences.sjc1.qualtrics.com/jfe/form/SV_8ojBqxxo58jeCzk?Q_CHL=gl&Q_DL=EMD_R0BwfMMJra1ajaF_8ojBqxxo58jeCzk_CGC_2NIPW64BqnSGyye&_g_=g

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133414352719544114"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3832	chrome.exe
3832	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3832	chrome.exe
3832	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe
Token: SeShutdownPrivilege	3832	chrome.exe
Token: SeCreatePagefilePrivilege	3832	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe
3832	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3832 wrote to memory of 4488	3832	chrome.exe	86
PID 3832 wrote to memory of 4488	3832	chrome.exe	86
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 4244	3832	chrome.exe	89
PID 3832 wrote to memory of 3024	3832	chrome.exe	90
PID 3832 wrote to memory of 3024	3832	chrome.exe	90
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91
PID 3832 wrote to memory of 3748	3832	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://uwartsandsciences.sjc1.qualtrics.com/jfe/form/SV_8ojBqxxo58jeCzk?Q_CHL=gl&Q_DL=EMD_R0BwfMMJra1ajaF_8ojBqxxo58jeCzk_CGC_2NIPW64BqnSGyye&_g_=g
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97b619758,0x7ff97b619768,0x7ff97b619778
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1804,i,12971708212667561386,14636564775413300923,131072 /prefetch:2
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1804,i,12971708212667561386,14636564775413300923,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1804,i,12971708212667561386,14636564775413300923,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1804,i,12971708212667561386,14636564775413300923,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1804,i,12971708212667561386,14636564775413300923,131072 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1804,i,12971708212667561386,14636564775413300923,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1804,i,12971708212667561386,14636564775413300923,131072 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3812 --field-trial-handle=1804,i,12971708212667561386,14636564775413300923,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
4a4dc6d20066c3872a59576c61a37f26

SHA1
7d389c668d8cd366442cb07c5ea7031fee85534f

SHA256
63b95806d371d1dc8bacc5fdd65a82fe053c0eab00274c7f6ede58acd432ca2d

SHA512
5802d99847621f0ac06717290d5dacedb96f8813663ad4ef20bfba094399d6d9bcc9f2d855db91069ba164faff4fb9b1e85758d2b1e60fbbfaa01edc4bb16fa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
bf9a732f0e98a727e6d4e5d2dc84cb69

SHA1
5ea165e54899932fe72efaef9c120f2be730a4d4

SHA256
15f026568b8e9bc33bb4fa09a73762631b6fcb294a1fc5d6f62f86f60815eb7c

SHA512
74df24a034527b8d45a0d3cf65281b7664a454db9f42713ac562fa710ec03cee5563f4e3bcd1c2d81b3d1dd3c23987288986dd2e3a1c08393a0d71045a0e1e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2fe19835fbf848459ba9e03371e00cf7

SHA1
fa0bcd7327d0721aa275777865e3de95c5a72f0e

SHA256
ce7c77d3911320f5ab19bc5b579b79edf481ea457f307359717dca2755adfb44

SHA512
6553f8958162faa0518d4e03e04f612947f6f3ec478524f4706cb47bc0bbe488d8b4d0e5608f9c07d30888b7ef37059ee9b84892bf059975b10b2660fd640829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
62a1628747055fcbe5105f686150474d

SHA1
76de94958e4578a22bfba87417924ec8f1dbd65a

SHA256
2f4b374d881ab7ae675792c1eec65d5d98328a17e90a16d54c4bbd7f5bbd5816

SHA512
c877715446341ba7fdb6ab352a8f20e94c2e89b3edc161f473887379d7e190bdea130600a731e3d54ada7bdb606f239f4fcf2e963b691e4d979dc7a849ab4100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
4ae6acf55c09a4661fa52034cf4a5003

SHA1
850b4da9eb0be31512a84049227851bcd499143f

SHA256
bb7ccc77e1ec1a859b02bc464fa0d54efdcdb2a0c1d544b36e28bb0e78cce87f

SHA512
1c35b8f0639b26153844da522a13d867be29129cd63004980bbad0a2c66d84416b328d2dd8aa980413e517cc9ccd7e07abc2e9845c3918ccfc63fa625308b336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
bc1979638a6e9a6da3b259e53752c37a

SHA1
67af4c21106b4dff1786b59ab0929a40895e9f23

SHA256
bce31008582f9ed4acbc92822c948212e752562a4d7005dd016cb1f1e4a2d89f

SHA512
a20c1623c929a6b34105988c5d1e7e39f29a3215908c16e11a9555227067ef9f3c369688f645f3a234a1b13a7a5c67c276d03a9afb86791b30643cb78279b7ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
26cd9962ac9b1d2b7ac0a20176b09401

SHA1
0ceda98d50d58a984f79adafad9097bf62861612

SHA256
6f7ba62f07adda0c0a66e155e6738347ba77bb01e60a33350dfdf1c79a368125

SHA512
c7d413cc67640a04bc6e10fa174fa549cdc7f1bf11146ad398647bc4d6f8479af80400a5bd9cb05d9277363b545dee25c544532bbb51e86e6ae38cdba39d2d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f7e63d919783dbb5d6cb7e8108ecc8fc

SHA1
5e6371ed8061d892c07c6ba981c54caa3c422d31

SHA256
64d664a9f4dac95eb6b4bd3e3c58689e4fbf7089ef7c71e741f01c4b2a2ecb5a

SHA512
280daea2cb6a30e26f2b1de3efd2495c46496a27c9b34fc0e598084af6bc080f49070be5d9217ae59946a4ecc004483b70d7fe328b719127f9295e92f39bd4eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60d42e3f3c37bfb09061bbe67fe1563b

SHA1
6e0928292f6f706ceb7eb18bfd900a8bffcb1314

SHA256
646da1ff88dc84bf9299779396597dac13a93adac8fcfc222ddd9cc68898f8fa

SHA512
0186decd6f29fb8311fbb14656f6812ae8fd7ec313c270b3e8bc44342f18efe2ddca2a67d4c7dbac2f44606dba9561a2b082380f9519e9d3947e95c1a3fc422a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3659c77680011692d3f02eaa18694294

SHA1
e74e5db2650a9c640cbde116097bd13dd33cb111

SHA256
0e218bcf030c3c8acdbc23ea0b50fd2151fc7923daf6ec0cf9401226d5ed4f1f

SHA512
f1e4d68a720ca7272060916222da80e140745dd99556e3beb2909a434826c3bbbcbb8ff25d3119368362d1064d2981fcb4da625024dfb75c193edeae01374aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
fb2b9143b0bad9f6eaa3cc54c2f680d9

SHA1
31dc92f54babe893debc6aad62b525328f50ef5d

SHA256
389fd02feca411e0767810ac0e8e69107977dd0dbb72601d89fc7f599d89b34d

SHA512
e927c17800d36b88a024d7e5a74ff6c1b6c4600b1578c08321344609a79681ae1dd3f69aa7ed3e130794261dd864feeb6bddc9005cd62328d8e0779a142681c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit