hxxp://serverpronto[.]com

Analysis

max time kernel
600s
max time network
566s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://serverpronto.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133450948085850137"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4520	chrome.exe
4520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 4796	4068	chrome.exe	34
PID 4068 wrote to memory of 4796	4068	chrome.exe	34
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 3488	4068	chrome.exe	89
PID 4068 wrote to memory of 5068	4068	chrome.exe	90
PID 4068 wrote to memory of 5068	4068	chrome.exe	90
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91
PID 4068 wrote to memory of 4304	4068	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://serverpronto.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff918ec9758,0x7ff918ec9768,0x7ff918ec9778
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1876,i,7062229519214698541,4320098695543936500,131072 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,7062229519214698541,4320098695543936500,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1876,i,7062229519214698541,4320098695543936500,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1876,i,7062229519214698541,4320098695543936500,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1876,i,7062229519214698541,4320098695543936500,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3896 --field-trial-handle=1876,i,7062229519214698541,4320098695543936500,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1876,i,7062229519214698541,4320098695543936500,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1876,i,7062229519214698541,4320098695543936500,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2416 --field-trial-handle=1876,i,7062229519214698541,4320098695543936500,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
8d805445369bba693e57a7b7c7a14e41

SHA1
1cf4cf2cb080f2ea332795aa668953de2a3562f2

SHA256
39daafbe4e07691cd109e66868d6b2d1e7c51269cdc9c9c43b75363607d1898d

SHA512
bcdb0e4b45596b77d156c05b8c3a47a9c6b195317187ef349a5ad8802ae7864d5bc5b47b024388364d6e5269650179835d512abb8d7548970b77e8b034e1a88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
31fe88984af93cd0fb0db830ef066963

SHA1
c546df01a2e976e6f65a32cc41a3ccbe27b485b9

SHA256
03c68c88941eecb5b36b4774bd59a55156e3ece51ba9df5554fb7adbb51914fa

SHA512
3c63332e9b1d047c2927c3fae5e95454f202cc6a8625a90b91d08b81c1f8e5bd6c34041041400fe5af64c548effbdbecd67b673b8bc59d5425527ce0f1ffc5e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3e44c42532c1ca41d242d679bef4a047

SHA1
7e114549034686feb4c426047995d0462906dbdd

SHA256
72e391e738a4b487af0b15c55eadc688c7cddd35431fe329638d1cb5b174bfda

SHA512
3d8e81c0865ee68600c1d3f0cca1afb760811e4b4c94a32bb49a4a1aee9292f551b74e9900d6134d814b1ffbc96527242e0b950981c64471ffa6e67ae3afbef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
57d82e50defe772feee88dc2cdea2e78

SHA1
681b22b6d6eef2032ad743a6f1840fcfe92a54fb

SHA256
2616e1391ad37b0c1818c712f8d1d44d2f91c19f6633ea7be948a2b282cbcd50

SHA512
493e665f5b0f1b9266117eba7afaf76f31ed625c3308d139ef066b6dd695e5a81382ca6b606c3b336805e848c4632a923109537f6c42d420d6fedd09d1396a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e2944ea7b7908778b07c251976b8186f

SHA1
4c69312a9a6c05e9277c140d8b1e5f3ccf4b26e7

SHA256
2d4d8fb1d19d0afb04d4802f7ca0441a5ff68b412ca2161e439b8dbd812b932c

SHA512
5ab0de80851c873efa4130ebd618e6b74dcba419542e23411c9f1799f585e317ed720eb1f6c73d3748e1faab50497f3b576ce04ddad244c411172de3533f5168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7c59e27b79fce45cc15949b996e33b69

SHA1
f231aede6ae1f32d991a81f9e7ad9bed2f64cdf1

SHA256
f4f20113c9acedf1f98620157fd3a4500cfb671658d5fb6d5ce9371dbfdebc6a

SHA512
43ab7ad066e5a4887fc566a1aaffd157df7d648bbce3ed93333a36214c677c14c56da599330fbaf16cd46ddd74bab661474d5b2462214f787982408baf4e9bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8feaf962e4053a2571a7d7ac18123db5

SHA1
a69beb4fe2f68da00b4a0d6ffe6001b60e8021f4

SHA256
9a0d9be00976d9e1b37f43deb4cf33672abeff91b5394b1e52039a9ee578204b

SHA512
dfa59846df6e222eaee23bcfd54f873947e0e77ed41592d2e1e2606d9c5dbdbfc8c8c4c50e510eb2b8578de345890f2081a1d115e82a3528e659c9e1f9b39f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
91656d3a889e51a194b625fca9ef4be4

SHA1
ee44fae1b026fbf8ea6e88d36185252a1a6fdea4

SHA256
cfb71b4402250476c7b0d4a6ee06949d83ad20bc75a6a2b875dfcd60e5480cc4

SHA512
7a1d404d0322f44b0b8d1a92606de9cc4d1cb1304223afc0bcb366628c959cdd878b694e51a9847a0103ac96ee096be742679fef44873e7ce144cad2a1377474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dadaedd757be2dbf1888814d33d5a7f7

SHA1
24db0522aacd607b7b12e11ff933d14d94bda09c

SHA256
e3ecba9d74f7017051d922fee31256c8787c0bb654902f0151e5b72542213291

SHA512
f4b2647654db5e4770f1b9e60b856a1e150e14d4b3cc1c276556c9a7b536636206a3e46fd38309e24bcf80c9be76c035f4da864e98bb119b162d7fea6de2bc09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
268fc6119c3281a2b5eeb08f47bd9d02

SHA1
b0ff06bbd6c680b84cf24a19fea4cdf964318c16

SHA256
fcde6ae2b8ae4f5bbdd47b4fac836abaf4b1e3685cb8d571dd83b944107852d1

SHA512
19a199c95cb54495e4c24fb3baeb0e5ca4e26aca15e984d897a54f542a573cf1cbd3a0ad7222732f7dc5f479e69f00344760b5acefe61a9697c33b7dccbefe19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit