hxxps://www[.]facebook[.]com/122095691810097206

Analysis

max time kernel
153s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2023, 04:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.facebook.com/122095691810097206

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133437200435548217"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3376	chrome.exe
3376	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe
Token: SeShutdownPrivilege	3304	chrome.exe
Token: SeCreatePagefilePrivilege	3304	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe
3304	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 3056	3304	chrome.exe	88
PID 3304 wrote to memory of 3056	3304	chrome.exe	88
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3676	3304	chrome.exe	91
PID 3304 wrote to memory of 3080	3304	chrome.exe	92
PID 3304 wrote to memory of 3080	3304	chrome.exe	92
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93
PID 3304 wrote to memory of 4448	3304	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.facebook.com/122095691810097206
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f31c9758,0x7ff8f31c9768,0x7ff8f31c9778
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1884,i,11520456378026675257,17272129356426249393,131072 /prefetch:2
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,11520456378026675257,17272129356426249393,131072 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1884,i,11520456378026675257,17272129356426249393,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=1884,i,11520456378026675257,17272129356426249393,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1884,i,11520456378026675257,17272129356426249393,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1884,i,11520456378026675257,17272129356426249393,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3780 --field-trial-handle=1884,i,11520456378026675257,17272129356426249393,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1884,i,11520456378026675257,17272129356426249393,131072 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3808 --field-trial-handle=1884,i,11520456378026675257,17272129356426249393,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
f4a7cec88a905fdaffabdd16368545e6

SHA1
3e9b7552dc4110c9fc55062018dd94f8fe13c2a3

SHA256
04e062314424b52f9be90841a2d9056467433cbb7e386aba10370c9c35284147

SHA512
66db7450ee2c3d5d4b1f441005043cff0d84749239fb57f54b83df52d27453703cbff4d726796550cac8ca45b50bcea09959a1c9f8f55a7a80cdc0902fcbbe0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5d2a5ae6890d657aea9f7e5cf7060671

SHA1
e882ac13dbfd2d1adefb9b5b9c1c2bbbcf35b0ad

SHA256
df4c2628cd71ab0d442f5a37a0f319090f8763f02d31acfb8bd480048b17918f

SHA512
e06bb443a6ace91374c5d40855289bbcdae3cb09e8c8175245b4bb5356397694530ea1547957a26930fd3fd0d4480ff3acc2b52e2af3889e93287702c67eaa1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2f0015b8384f2643aeae9139e0a06a88

SHA1
b43dbd537d4c92b097779d57c8a9ee654f36f9ec

SHA256
7a1726292982ad9e3838cbfeec7aeb1f2de1c1964d2caeb20841eb4d5477494a

SHA512
00684b205d4cec115bfcb3bd7bd61c5d13ea9e2be5235bb471bcf2b8adcadb74854d895c91cf8539d49f81938874515a1dbf75c9de580c5bfbfcf9a1027031b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
5c89bda1ffe4de193a63dd1f2a4173bf

SHA1
88611b77a9ed35fffc1ccd408a6811f67b7e8db7

SHA256
a1c00929324993aa0738da049762e03ec8df85ce0cc46ce49154b5d66f52bff3

SHA512
7720de81d95caf85a03cdf1e52b1ca6a82b0fc3afc823574c6da6e21a1a9653099634c04a93ddd4386c8e0d11de852bf530879353eec8cf362134bdc4cdd39b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
0f81298012f64546245511476b8b1069

SHA1
2a8b6dff0ed9cbdb78c910ecd08b8027eb14bcd3

SHA256
5a75ba976f935acb51966b41d8540652584a79721a9ca6f1c1ff2e12b9835515

SHA512
e39076494bc64bec3ffccb2988fc50127e4c3ed6cde87605818617ab4328456c14bb18ea67a111dec001ecf36693f1f60ff75fcea2754944d01960aaa0b16716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
fdbb749608365d9e4c5c84a185d84a90

SHA1
ed25181a1b8f1f5f842448f9dbad2ca44ac8535c

SHA256
9a7334aed04705709b322d47cfa8ed904a56bdd733ccd26ec9454c49c32feae0

SHA512
441cbd032f593e9c43d9ee61a7c99a6437a743324085b28ed6e6702a8a3ba3317036ec258d1d7bc73676f53fe96ec8df2590af695e65f4cbabdc44a8ef99966c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
5b324fd94f0e3eab1fae3d69afa656bf

SHA1
71e5fef3a6ea81921877dd6535ac3b37e66be6b8

SHA256
b022feb36bd11314b47891985c933564246fdd7e5a34a69d8c72ec69c712e679

SHA512
62cb59d0a61ce7ffe3e48e67a8d9c7b42272c7a7ae58e9bbbc90e8015655c7c7facf93516fb1da13552f84faf28c6665d4847bad720c4e82dcbcd32520791bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
95d75938ef1c3ed7315bc1d20a549e82

SHA1
096d18e733a9e7bf3bca8885083d8fb4c1ac2816

SHA256
15428d20b7824bf609d5caa245bdb385ce6bcdd37255c4f694f164e60c07a523

SHA512
4215123dd4a9cbae89958c365c31aa603862bbb709523eabd3a3ddeb33e8b1755d1f2268fa996086582fb17d95297ef5554f029cd01fb8fdd4bc2e6f7b442dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3f1f34c73f13f7221d2867d3d539ddd9

SHA1
62168f00c157f50d18d58ffe79f1d55c02ca9b12

SHA256
538186f099a6da2d1cff0beb75b748b6c942d90d6cf3a45aa9999c0a8b611fe6

SHA512
8c42aa3306530d81621ee96dc5bfb1cf66efc794b1836bc0bbb4bc6e6f60973d77f3e477fc3b998419204cd6997126c8de373ea896197a4c4b7c369db2949477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
93c9fe421918cd97e844576b66e437c0

SHA1
742868d5f14ec5045d4ce99c6161bc605129b5b7

SHA256
fc030a054b506c1eb4366eaf77d532a71ad2535fb99d6185034d94d87e49425b

SHA512
462612f1f88065e983853eaeb42b73d67da01d43cd4f47d8bc97a2731683e475384d7cfcf88517e3143dcc249e172c0af031299eecf13e346675778304be80ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
4076633c09321404abcaf88033414893

SHA1
554a1ae12a7cab64bff3606c19be2bd6ee02c42d

SHA256
5bf7d50f2bf439ca3e25364815ba476045364fb02b49941a3a415c75d031263e

SHA512
e135c04ff6acdc3f58b711bef500e12ce5786a6b1f814945ea350cbf417c2d6878402bfe3cc01e49510bf983b0c48e10be80126c9feeb6bf809303da00f6a1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit