hxxps://www[.]tzurl[.]org

Analysis

max time kernel
180s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2023 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.tzurl.org

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133450879676670260"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
1040	chrome.exe
1040	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe
Token: SeShutdownPrivilege	4448	chrome.exe
Token: SeCreatePagefilePrivilege	4448	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 2988	4448	chrome.exe	88
PID 4448 wrote to memory of 2988	4448	chrome.exe	88
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 2588	4448	chrome.exe	91
PID 4448 wrote to memory of 4168	4448	chrome.exe	92
PID 4448 wrote to memory of 4168	4448	chrome.exe	92
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93
PID 4448 wrote to memory of 988	4448	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.tzurl.org
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb57759758,0x7ffb57759768,0x7ffb57759778
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1848,i,2753203053538893701,14919070929648835074,131072 /prefetch:2
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1848,i,2753203053538893701,14919070929648835074,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1848,i,2753203053538893701,14919070929648835074,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1848,i,2753203053538893701,14919070929648835074,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1848,i,2753203053538893701,14919070929648835074,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1848,i,2753203053538893701,14919070929648835074,131072 /prefetch:8
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1848,i,2753203053538893701,14919070929648835074,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2432 --field-trial-handle=1848,i,2753203053538893701,14919070929648835074,131072 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5380 --field-trial-handle=1848,i,2753203053538893701,14919070929648835074,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1040

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5050d67932cf578ce3c7ed2214299651

SHA1
d62875de0fe35207b1eb3edaee45427a9dd82b0d

SHA256
64b8fa2ff5edc43b52de1d699945afd6a45cea6888b96243ac8f5b744f8f0313

SHA512
3c2c87c49f6e1801efac1b673e34b722bd24e22417497b56026d3a787eb2f8c9c17f09d0b8d99d7ee77ea9b47f988230ea271891f1ec01311fdada6d6a83186f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
3a3fd46d2aa8e679e35beb5464130def

SHA1
4474fd48a77ddfc8d900454e8de991289aaf922d

SHA256
d424e229bf198a98b040f258a67ad5750bd916c0646f0da9a7d369fec51907ed

SHA512
080edc4cc461074cd6094d13eb64cd99fb182c8605684744c32492989249379b51ad548486a7959e631c4ca6bf958478a067df23aaa90665c1213828f49397ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6d0ecf44-7285-4efd-b597-c5e0a3e61128.tmp

Filesize
2KB

MD5
97c1fe51ca5f18dcfe3190bf649e12e6

SHA1
497aaf55786c978d38e5d4767cef85654d256536

SHA256
21cfbd90036d74da6de42d7b7fe27269ffc2700c19d76716ae15fa02a6bdb677

SHA512
3b50e8fb50a6be16a437a92712039229610f24f7c62cc6db1bdd266988c75f3cf3af4a7c4b9f69099c303d864fb361afa91ca17fee2333af13a65c7701dbfba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a34690295929f5fb9a7373bfe23ed220

SHA1
c97d05b0391a43f15e5e61671373216b7ac764bf

SHA256
00dc233c37915a0ac9e13d4059710265cd083f5382802e714d2dcab054f60d6d

SHA512
bbd60ff24f81aeaeb801e341685bee77f21115f668c11a0d5bac2e625ad7363a13aefd4aee3b380a27fa02ed27da9905d72068c5dcf5396d6576a941e082ab62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
288b3efe80ac5943d5120acfabed3fe0

SHA1
ae7bed0fc9354a6c62b0056446fff3dd3d1d2e4c

SHA256
036ef0a6057eb0d794d16d8e29656dba4851911a619953b5de35064c346f7e71

SHA512
c9886156399c7e44c14035c72cd7b0f3f110200ca8e516460bafbc638021cb22ec836f2a49894883f172ff3f9a7f0cd972fe7ec881aae9e500f6657a13734a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8ea8070629b3c9a443981c8e5f4557af

SHA1
de96a606aaf409efc4eb7f8eda179d206a3a4c73

SHA256
afc6ad550e981ddbe066b66943a07a4f6debd70c015327f53a94d844705666b9

SHA512
33e9083f26bec34c9ec0e17d98816a8ebf9c87437159fcd5d315b4a17a20c906bbc5e292cd7eb3ff9ea3a505ee77e79cf0c8770088aac53d625271c3014910c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5ea8162b984cb1d47ad7f5ed0863d2e0

SHA1
1dac49474e7e358107e30a962ca5c5757b8cdb31

SHA256
2095498e4e022fa6c84d45375debdeab04641383e45c9962bc0ead0f86a0ec31

SHA512
2cc38aabd77738056af5c7c7b194646462c4f759c65edf11bda1b2604d32388b7fea0425b5953989aa2d85cd5a69a2ea11bfb5c6179341c97ed8c56262b1dc13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
40e1e7fb8682526ba07216aad621fd1e

SHA1
6193174789c7b72b3019327e8c6cb8119fce7f69

SHA256
ca70f51555610383325e996b990b5d40e59728b777c22e1dec27e1c968957267

SHA512
220fd8f35141491c7f533e1307c45ba6b38986ef2603a079ebfced11f50c98d503fe6f2f9ccc8abaeaa85924f85954da1f3a5951dce500810e76b37e1f0cde1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
236119f30cb9eb0d8fa94e63533a2144

SHA1
66507668275c9a5e724e4546d2ec39742ae0f6fb

SHA256
581b73a3e24322ff6aa565bcf64146cea3e0c98fcff579909ee2ea92995a20b0

SHA512
03333db4e0b88219751645d90389fb8a6e2eaa01f9e837c1474224e896d865dcccf5bae0fbb230c39040480d70f2832c53e0bfa6d6f14cff20b77d966ab52485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
01b00b9fedda154f909618962a5535c1

SHA1
634c728a1bbd93c255705f681684e0e96f9cff1a

SHA256
83381dab0efc6476196b2b9cb7af4d0c31c3c2ccfa35e271bd325cd34bb0b2c5

SHA512
d68a2439d789a205372f6702c667719bfcb51dcac6a38f4abb752a95ea2ce5a4d9a928e261756e982f33ad784a8fad3150cb5f9298e58753fa573f140e6470ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d6cc88c914cefe4418c58ae67e604633

SHA1
b2a2caaac5059835140f69a01d278a4eef42678f

SHA256
0238694f017d882e6590c1cea729e7b8da85aed3081f2b546355ef21ca319f0d

SHA512
81d70ab5c83ca28ae8a208f7e697484ff6753ff41a259a0fe3403c333cbca9d9fc6e3d42c72f69e2eab09ff17b0720419084812106086d08adc95344c3e2a70d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
49de1c276a85ce17d6fa1f24bc610d57

SHA1
661f62639fe89f35adc376464970e7b4fb18cb75

SHA256
591f7174b69b52525610ffc2a4848017e21bf2ac50c9c6a14cc65729af868caa

SHA512
963b085a9e65360b264c6036cd92769ab98a9b85a82ffda3407b3a469f46197eecf1d8c51e05a85d4f4f197db993f2df8ec242f4ee05e14ede8ff121fefebc08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit