hxxps://assets-usa[.]mkt[.]dynamics[.]com/9923b715-2c83-ee11-8174-000d3a35772b/digitalassets/standaloneforms/409e537d-5b83-ee11-8179-6045bd033ad8

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 06:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://assets-usa.mkt.dynamics.com/9923b715-2c83-ee11-8174-000d3a35772b/digitalassets/standaloneforms/409e537d-5b83-ee11-8179-6045bd033ad8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133445036493290600"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
5108	chrome.exe
5108	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 5600	4908	chrome.exe	85
PID 4908 wrote to memory of 5600	4908	chrome.exe	85
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 3268	4908	chrome.exe	87
PID 4908 wrote to memory of 2636	4908	chrome.exe	88
PID 4908 wrote to memory of 2636	4908	chrome.exe	88
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89
PID 4908 wrote to memory of 3412	4908	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://assets-usa.mkt.dynamics.com/9923b715-2c83-ee11-8174-000d3a35772b/digitalassets/standaloneforms/409e537d-5b83-ee11-8179-6045bd033ad8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ffb4c019758,0x7ffb4c019768,0x7ffb4c019778
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:2
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4548 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5068 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5292 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5236 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5280 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1892,i,17249351272630914699,2842326702926736293,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
dcb16e28fd7aaf192af85a7b1fe32cf6

SHA1
5c15fe8f79c04df54659d5dfbcd6babb84b63c49

SHA256
5e17e54789ea24ad894c44bc07649bd896c97c847e7e047940881d62e6e7f442

SHA512
e9741e3b2265df48043774c83f7b81713628a1834031f38cc7454c05a220ea341b07c1f483ef06639511384b910d2da0db78a6ef9d833c03ddd8883b3dff4fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
19f9b8551c52cc5f5c6ccfbe76706886

SHA1
50fe96b27311aa47aa586df32a6000f86faf1124

SHA256
c3407c716065e26d42ca2eba7698b007d577b122fcb56d381ba024ef538944d7

SHA512
e5fa8323fe47f27184222fc34176d60e4193d5ff54af4b471fab02388039029781bde34395ed37dd003792b6f4c74cfef30d9faccf01e39e4a25c5a1659ff386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
9cd59e66b6f798f386d2e2efe8ecd11f

SHA1
ee495e6c56466d5c540a217c16780acd3efec3be

SHA256
0b641a02cd8fc8764a2298b5b31ec6ede8d281940493d3c535745b0912473e9b

SHA512
0ae49ab555e37ec6c7ec7f686ae2224f52b5fd3855a4ba60ac8c5f69d3f4413d336a05c4942bd16ce4105bd160ba08d58ec8702db441df9ad6c91c40c6d15930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
f15c8f351db975aaf0ac2cd922ab6634

SHA1
64b7f43af732fe277e8e39b74495151a50283977

SHA256
0e589806820824d354aaea69c3f995eb2d9d9b103a251e1aa795fa7872d081ca

SHA512
0d5b798976bfef4619d94f87930c6c9da496a6235e0ba1c238497ca3b1d93e28ea8e33a4be8d2951cdf92e3b436c184146e79ba1225225f634e0967a03d4fbe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d9c674f531c7b8287692a958e110fe54

SHA1
647fc2062150b1788b2699314bb5ce213c538238

SHA256
718e37ee6447420feff4ce34769f80e200d347165a3cd7382ab8c0b32522f9b0

SHA512
3abab833c56b7d0a2d6fcf9cbd6d6026869bc2d50ed954114de113d6b33f533b6dd15d1b770d0bad03f04637d7323c69b903827b4379e7c85b632d7cb9e632cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a6099086b9a59b85ad695d1e61057752

SHA1
ef78f375f619c6c1b43c4fbdf5f781c596b6b9df

SHA256
be750b5aa92b6ed81772e58c3fd8cbc21f4a8eb01ddee20c629a6191a357e3b9

SHA512
1d0094356ea43efa9d74c84e8ccec5ea8028010cd3dc9b4a064e304d65be9cf58a222f9f6300b6e3b6f01c9133bafab1abb0816bdd8b15c33b7591cd65c0dd29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
aa52d66540c3bc36b0d69b83c02a7807

SHA1
28038e6b494289430fb43bcc7e7e6e71bd11f5c5

SHA256
5bbf0291d18638f23156e03b90e9dd166f968bab9f3aeb4b36aebe820a90040b

SHA512
ce34a05a6a0a80702c717a3610bc3009168ce1d3a972e6fb9924a3e383561348ad20e908b765bbbb93dff3ea3e953cd1c3690cb4906d45ba4059ed9fc6768da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
f577dcc5224c994ac68db9c9a4b8dcc3

SHA1
5c9e5bbff7f415ef55da51fa26d1fc97065868b1

SHA256
ade1fd9dfdbc730521bf1221fc78cd65e7ede442026d54295788d237f9782144

SHA512
fda052dedc24755d03b25fda3b46093f1120a8a7424d12c9be1a2682ab77dc0d1d923a2287af489a49e50ed1df94621a299a5cdb74e51a100faac427809e5734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582778.TMP

Filesize
96KB

MD5
3467cc96c83ceb221b48f7e26037f78a

SHA1
c94ef7be7cade9aeaadf53d07840ee9a4b914f87

SHA256
ed5519a80022dd354adae604eab9eb7f60968398083d38a42a2826ef19ab3aeb

SHA512
b7514964c3499972cbc8fd825d3247abc8f706496052118a7b77038590c213d65fdefbb52691aea972ce64089c69f805dafb610cb8eff79ee50d92f1bfdf727c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit